John P. Mello Jr.

Visibility into the software that organizations and their suppliers use has become a cornerstone of supply chain security. That's the bottom line from a recent panel discussion among experts at a webinar sponsored by the IT GRC Forum, which focuses on governance, risk management, and compliance.

While surprise is a major advantage in battle, it's a nightmare for application security (AppSec) teams. That's why they turn to chaos engineering. It introduces controlled failures into systems to identify vulnerabilities and build up the organization's resiliency. Simulating real-world attacks and disruptions lowers the risk of surprise, addresses potential weaknesses before they're exploited, and makes critical applications more reliable.

Much has been written about the threats artificial intelligence (AI) can pose to an organization's security, but the technology can be transformative for security teams as well, helping them tackle the key challenges they face. In recent keynote speeches at BSides and RVAsec, Caleb Sima, chair of the Cloud Security Alliance'sAI Security Alliance, highlighted how AI can revolutionize cybersecurity by taking on key challenges facing security operations center (SOC) teams.

The Open Web Application Security Project (OWASP) has released a new version of its dependency-check tool, which can identify known vulnerabilities in third-party software components, measure and enforce policy compliance, respond to identified vulnerabilities, prioritize vulnerability mitigation, triage findings and policy violations, and produce a CycloneDX-based software bill of materials (SBOM).

The National Initiative for Cybersecurity Education's cybersecurity hiring framework may be a good place to start when putting together a solid security team. However, some changes are needed for NICE to equip teams with the knowledge, skills — and distinct roles — to enhance your software supply chain security (SSCS) strategy.

New guidance for organizations seeking to protect the generative AI tools they're running has been released by the OWASP Top 10 LLM Applications Security Project.

Based on a survey of 11,000 adults in 50 states, one-quarter of American adults have had a package stolen this year. The average value of each stolen parcel was $204.

Paradoxical tensions among consumers are making their behavior unpredictable and baffling many sellers, according to a report released Monday by a global strategy and management consulting firm.

An updated version of the OWASP Top 10 for LLM Applications has been released, with a key outline of software risk for large language model development

Mushrooming fake store sites, deceptive domains, and compromised e-commerce sites are just a few of the threats facing online shoppers and businesses