OSC&R Report Exposes Software Supply Chain Security Vulnerabilities

First Annual Report Analyzes Millions of Vulnerabilities Against the Industry’s First Supply-Chain Specific Attack Matrix

Software is the foundation on which today’s businesses operate. From standard enterprise applications like customer relationship management (CRM), enterprise resource planning (ERP), and business intelligence (BI), to custom-built applications tailored for specific business use, it’s hard to find an organization […]

Context is king: what the next generation of AppSec tools is learning from SIEM

Success breeds…confusion?

AppSec teams face an average of 118,000 vulnerability alerts across their software supply chain. If even 1% of those are being exploited in the wild, finding – and triaging – them in a sea of noise is difficult at best. Throw in multiple tools – on average, security teams need to […]

SaaS BOM: The Advantage for Securing SaaS Ecosystems

Introduction

It’s not a secret that organizations are increasingly investing in software-as-a-service (SaaS) solutions. It’s not just about keeping pace with competitors; it’s about maximizing efficiency, enhancing collaboration, and driving innovation. However, this power brings challenges, especially the complexities and vulnerabilities associated with these cloud-based services. The latest report from Cybersecurity and Infrastructure Security Agency […]

Understanding Shadow APIs: Risks and Management

The term “shadow API” might evoke images of covert operations or hidden threats lurking in the digital shadows. While they aren’t the stuff of spy thrillers, shadow APIs can indeed pose significant risks to organizations. These are APIs that operate outside the usual IT controls and cyber defenses, making them attractive targets for malicious actors. […]

Demystifying Attack Path Analysis in Application Security: Benefits, Implementation, and Considerations

The term “attack path” often brings to mind memories of my time as Chief Marketing Officer for a breach simulation firm, where I learned of adversaries’ tactics commonly seen in traditional security evaluations. However, the ongoing convergence of traditional security methods with application security (AppSec) best practices is progressively obscuring the boundaries between the two […]

Bridging the Gap: Uniting Development and AppSec

We recently hosted a webinar on integrating development and security functions to increase organizational resilience. Industry leaders from Repsol, SAP, Payhawk, Rakuten, Vodafone, and IQUW discussed how aligning these crucial areas enhances efficiency. Of course, this isn’t a new topic, and yet we keep talking about it. In case you missed the webinar, we rounded […]

From Alert Fatigue to Actionable Insights: How SCA Fits Into Active ASPM

Using third-party components in application development has become a norm rather than an exception. While boosting efficiency and innovation, this trend also opens up a Pandora’s box of security vulnerabilities that adversaries can exploit. The challenge of identifying and remediating these vulnerabilities as early as possible in the development process is paramount. Yet, many Software […]

Container Scanning: A Path to Enhanced Vulnerability Management

Over the last few years, containers have emerged as a cornerstone technology, enabling scalability, efficiency, and consistent environments across development, testing, and production. However, the rise of containers has also introduced new security challenges, particularly around managing vulnerabilities that can compromise the entire application stack. By now, you’ve heard about the discovery of malicious code […]

Securing Your Software Development in Compliance with CISA: How OX Security Simplifies the Process

The Cybersecurity and Infrastructure Security Agency (CISA) recently released its new Secure Software Development Attestation Form, which mandates significant responsibilities and declarations from software producers to ensure the security and integrity of software development and deployment processes. Often, these initiatives can be a considerable undertaking, but don’t worry – we have you covered. Here is […]