Geek-Guy.com

Category: AppSec & Supply Chain Security

CISO survey: 6 lessons to boost third-party cyber-risk management

Third-party cybersecurity incidents are on the rise, but organizations face challenges in mitigating risks arising from the software supply chain, a survey of 200 chief information security officers (CISOs) has found. The post CISO survey: 6 lessons to boost third-party cyber-risk management appeared first on Security Boulevard.

The cybersecurity ‘fog of war’: How to apply data science to cut through

One of the biggest problems cybersecurity teams face is the overwhelming uncertainty of situations as cyberattacks unfold. It’s hard to know what mitigations to work on first, which systems are most likely to risk business loss as a threat rapidly moves across a network — and how to fix root problems as responders dig into an…

7 container security best practices

Properly securing containers has never been easy, but the rise of software supply chain attacks — and new threats coming from AI — makes additional security controls essential. Threats and risks must be identified and addressed before containers are deployed, of course, but because the size and complexity of these virtual, self-contained software applications can…

Agentic AI and software development: Here’s how to get ahead of rising risk

As technology leadership pushes ever harder to deeply embed AI agents into software development lifecycles — in some cases, even using agentic AI to replace midlevel developers — application security (AppSec) is about to go from complex to a lot more complicated. The post Agentic AI and software development: Here’s how to get ahead of…

The OWASP NHI Top 10 and AI risk: What you need to know

Identity management has long been a pillar of any sound cybersecurity program, ensuring that only authorized persons and machines have access to specific data and systems. Today, the rapid adoption of artificial intelligence (AI) is making it much more complicated to manage the identities of machines, making the appearance of the OWASP Non-Human Identities Top…

AI is a double-edged sword: Why you need new controls to manage risk

As with just about every part of business today, cybersecurity has been awash in the promises of what AI can do for its tools and processes. In fact, cybersecurity vendors have touted the power of algorithmic detection and response for years. The post AI is a double-edged sword: Why you need new controls to manage…

Census III study spotlights ongoing open-source software security challenges

Backward incompatibilities, the lack of standard schemas for components, and projects staffed by too few developers are just some of the risks threatening the security of free and open-source software (FOSS), a study released by the Linux Foundation, the Open Source Security Foundation (OpenSSF), and Harvard University has found. The post Census III study spotlights ongoing…
