BoostSecurity News, Press & Events

Posts by

Zaid Al Hamami

techno-addict. hacker-preneur. founder/CEO of IMMUNIO. founder/CEO of boostsecurity.io

The Death of AppSec Is Greatly Exaggerated

On February 20th, Anthropic announced Claude Code Security, a new capability (for now within Claude Code Web, but one that will make its way to other Claude Code interface points). The key functionality is the ability to intelligently scan a code base for security bugs, triage the findings (to reduce false positives), prioritize them (assign severity), and generate fixes. It works at scale: as one data point, it recently found 500+ bugs that had eluded the open source world. It can find issues that rule-based SAST cannot, such as business logic flaws and broken authentication.

Within hours, LinkedIn was flooded with hot takes: "AppSec is dead." "SAST is over." "Shift-left is obsolete."


Vibe coding...meet safe packages.

In the previous post, we made the case that developers are big targets of attack these days. Hardly a week goes by without some malware slipping into the open source package ecosystem. Developers are affected when they pull the package in, whether as a direct dependency or transitively through another package.


Software Supply Chain Security: 1st Party Code Risks

After connecting with dozens of CISOs and CTOs, we've realized there are a lot of divergent ideas about what software supply chain security even is. Even more so, the range of opinions on how to effectively protect against its unique and expanding kinds of risk is confusing, to say the least. And while there are plenty of supply chain security standards and plenty of deeply technical supply chain security resources, there wasn't anything addressing it at the business risk level. So we put together a resource for CISOs and CTOs that explores four categories of risk;


Software Supply Chain Security: Understanding Developer Risk

After connecting with dozens of CISOs and CTOs, we've realized there are a lot of divergent ideas about what software supply chain security even is. Even more so, the range of opinions on how to effectively protect against its unique and expanding kinds of risk is confusing, to say the least. And while there are plenty of supply chain security standards and plenty of deeply technical supply chain security resources, there wasn't anything addressing it at the business risk level. So we put together a resource for CISOs and CTOs that explores four categories of risk;
