Rust Community’s Post

In today’s fast-paced software development world, security isn’t just an option; it’s a necessity. ✅ “The Ultimate Guide to JFrog Security” is a comprehensive white paper designed to help you fortify your #DevSecOps practices for unparalleled visibility & control across your #SDLC. Download it now: https://jfrog.co/3Paq7DT

Excellent piece on bloated software and the risks it poses. https://lnkd.in/ekGxceds

Sometimes the "how" is just as important as the "what." Now, you can see desktop software in Torii without installing risky agents. Learn more here 👉

Sometimes the "how" is just as important as the "what." Now, you can see software in Torii without installing any desktop agents. Learn more here 👉 https://okt.to/RTlv6Z

Top 10 open source software risks — and how to mitigate them

If shifting-left feels like more of a stretch goal, this blog post is for you! Discover how Semgrep AppSec Platform streamlines security for devs, ensuring fast & secure software delivery. Read the full blog here: https://lnkd.in/gBtJ-Hkx

Yesterday we made a big announcement regarding not only the technical capabilities of our platform, but also the expansion of the end users we are solving problems for. We have learned an incredible amount from our origin of supporting firmware and embedded operating systems, but realized the problems that exist in that space, exist across all device types within an organization. Announcing support for Windows and containers is just the first step in addressing the true nature of the software supply chain security problem, the compiled code that exists in your environment. The lessons learned from being able to generate SBOMs and identify supply chain risk within firmware forced us to learn some really important lessons. These lessons translate to all other compiled code and makes supporting these other artifacts significantly easier than if we did not have that experience. Come visit our booth and let us show you what the future of software supply chain security looks like. NetRise is the world’s first Supply Chain Detection & Response company oriented towards the end users of software and providing visibility into that software in a way currently not present in the market. The days of shifting left have not addressed the problems that continue to persist in this industry, the market needs a new approach, a shift RIGHT approach. Come by booth #3019 to learn more and remember, we will also have a big presence at DEF CON, so we aren’t done once BlackHat ends. https://lnkd.in/gJ-cgXWA

⛓️ Software supply chain extends beyond third-party and open-source software. 🔨There are many opportunities for misconfiguration, such as of build servers. 🗒️ Complying with software security regulations is cumbersome and taxing. 🔎 Visibility into all links in the software factory is a significant challenge. 📝 There are too many AppSec testing results, without enough context. 👀 Siloed teams are preventing a holistic view of product security. 🤐 Secrets remaining exposed is a real and growing problem. 📈 There are too many dashboards, and too much noise. 🕗 It’s time-consuming to correlate all these results. 💻 Scanning source code alone is not enough. 🆕 It’s clearly time for a new approach. We are pleased to announce the publication of “A New Approach to Application Security: Stop Collecting Tools, Start Building a Foundation:” Scroll through below, download a copy here: https://lnkd.in/dxSV2jsx Or Stop by Booth S232 at RSA to get an easy-to-carry booklet-size version. #ASPM #LegitSecurity #softwaresupplychainsecurity #applicationsecurity

This course gives important insight and general knowledge of the most common risks on developing software. There were many things disclosed that I have seen in my projects that some developers might not even be aware of. I can 100% recommend for all software developers to take this course.

In my latest post for ReversingLabs: I take a look at some of the shortcomings in the long awaited Secure Software Development Attestation Form, which sidesteps calls for greater software supply chain transparency via #SBOMs.