August 25, 2022

Hyundai devs used sample code signing keys, making updates vulnerable

Developers of the entertainment unit in the Hyundai Ioniq reused a code-signing key pair from an example, rather than generating their own.

August 22, 2022

To secure your CI/CD pipelines, round up the usual suspects

Exploring the “how” of CI/CD compromises, researchers show many of the culprits will be familiar to security teams.

August 18, 2022

6 reasons app sec teams should shift gears and go beyond legacy vulnerabilities

With software supply chain attacks surging, app sec teams should shift gears from legacy vulnerabilities to open-source repos, dev tools, and tampering.

August 18, 2022

Just for devs: Best of Black Hat and DEF CON

Hacker summer camp is BACK, baby.

August 12, 2022

NVD Analysis 2022: Why you need to modernize your software security approach

The NVD as it is today does not tell the full story of software risk. Here's why the NVD — and your software security approach — need to be modernized.

August 12, 2022

Researchers: GitHub Copilot produces vulnerable code, demos AI bias

GitHub updated guidance on using its Copilot AI-powered code bot after researchers showed at Black Hat that it often generates vulnerable code.