BoostSecurity News, Press & Events

In the previous post, we made the case that developers are big targets of attack these days. Hardly a week goes by without some malware slipping into the open source package ecosystem. Developers are affected when they directly (or transitively) download the package. 

After connecting with dozens of CISOs and CTOs, we've realized there’s a lot of diverging ideas around what software supply chain security even is. Even more so, the range of opinions around how to effectively protect against the unique and expanding kinds of risks is confusing to say the least. And while there are plenty of supply chain security standards around, and plenty of deeply technical supply chain security resources, there wasn't anything talking about it from a business risk level. So, we put together a resource for CISOs and CTOs that explores four categories of risks;

After connecting with dozens of CISOs and CTOs, we've realized there’s a lot of diverging ideas around what software supply chain security even is. Even more so, the range of opinions around how to effectively protect against the unique and expanding kinds of risks is confusing to say the least. And while there are plenty of supply chain security standards around, and plenty of deeply technical supply chain security resources, there wasn't anything talking about it from a business risk level. So, we put together a resource for CISOs and CTOs that explores four categories of risks;

Global AppSec San Francisco returns November 14-18 to the Hyatt Regency San Francisco. Designed for private and public sector infosec professionals, the two-day OWASP conferences equip developers, defenders, and advocates to build a more secure web.

Cybersecurity is hard. Companies stacked with security talent, and no shortage of cybersecurity budgets get breached. Every. Year.