Integrations are nonnegotiable for SaaS companies. The average business’s SaaS portfolio encompasses 342 apps. Without integrations, these apps become data silos, and we all know the challenges with those. Customers expect seamless connectivity. According to G2, B2B software buyers consider integration capabilities a top factor in their decisions. Another survey found more than half of … continue reading
CISA, the government agency tasked with securing the U.S.’ cyber and physical infrastructure, has released new Information Technology (IT) Sector-Specific Goals (SSGs). According to the organization, the IT SSGs complement Cross-Sector Cybersecurity Performance Goals (CPGs) and offer “additional voluntary practices with high-impact security actions.” Organizations can use them to improve the security of their software … continue reading
Companies are planning to invest more heavily in AI skills and security governance, risk, and compliance initiatives this upcoming year, according to new research from O’Reilly. The company’s Technology Trends for 2025 report analyzed data from 2.8 million users on its learning platform. The research shows significant increases in interest in various AI skills, including … continue reading
Attackers are increasingly targeting open source projects, seeking to exploit holes in software that millions of organizations rely on as the foundation of their technology stacks. The staggering 280% year-over-year increase in software supply chain attacks in 2023 serves as a stark warning: open source projects and their leadership must elevate security to their highest … continue reading
The number of security challenges companies are facing continue to grow, but organizations are beginning to display signs of “AppSec exhaustion,” or decreased engagement in security practices. This is according to Snyk’s new State of Open Source report, which found that dependency tracking and code ship frequency has remained largely unchanged since last year. There … continue reading
MITRE recently released its yearly list of the 2024 CWE Top 25 Most Dangerous Software Weaknesses. This list differs from lists that contain the most common vulnerabilities, as it is not a list of vulnerabilities, but rather weaknesses in system design that can be exploited to leverage vulnerabilities. “By definition, code injection is an attack, … continue reading
While one might anticipate that the more complex an application is, the more likely it is to have security vulnerabilities, a recent analysis from Black Duck found the opposite to be true. Its 2024 Software Vulnerability Snapshot report analyzed data from 200,000 dynamic application security testing scans for 1,300 applications across 19 different industry sectors. … continue reading
Several high profile software supply chain security incidents over the last few years have put more of a spotlight on the need to have visibility into the software supply chain. However, it seems as though those efforts may not be leading to the desired outcomes, as a new survey found that only one out of … continue reading
One of Google’s security research initiatives, Project Zero, has successfully managed to detect a zero-day memory safety vulnerability using LLM assisted detection. “We believe this is the first public example of an AI agent finding a previously unknown exploitable memory-safety issue in widely used real-world software,” the team wrote in a post. Project Zero is … continue reading
The Open Source Security Foundation (OpenSSF) is updating its Developing Secure Software (LFD121) course with new interactive learning labs that provide developers with more hands-on learning opportunities. LFD121 is a free course offered by OpenSSF that takes about 14-18 hours to complete. Any student who passes the final exam gets a certificate that is valid … continue reading
Microsoft is making it easier to use passkeys on Windows 11 by introducing a way for third-party passkey providers to integrate with Windows’ passkey system, improving the user experience for creating and using passkeys, and adding the ability to sync passkeys across multiple Windows 11 devices. Passkeys are a safer alternative to passwords where users … continue reading
Open source maintainers do significantly more security and maintenance work than unpaid maintainers, yet 60% of all maintainers remain unpaid, according to the 2024 State of Open Maintainer report from Tidelift. “The health and security of our global software infrastructure depends on open source maintainers,” Donald Fischer, co-founder and CEO, Tidelift, said in an announcement … continue reading
