March 21, 2024

Memory-safety and security by design: Key insights, lessons

Memory safety is one of the most stubborn and dangerous software weaknesses. Here are key insights and takeaways from a new Google report on the issue.

March 5, 2024

NIST updates guidance: 3 ways to pump up your CI/CD security

The National Institute of Standards and Technology has beefed up its guidelines for securing CI/CD environments. Are you ready to bulk up your program?

January 3, 2024

The state of container security: 5 key steps to lock down releases

Here are best practices — and recommendations for tooling — to modernize your software supply chain security approach.

November 14, 2023

8 CI/CD security best practices: Protect your software pipeline

Don't neutralize CI/CD business gains by failing to account for risk. Here are eight best practices to ensure your software development pipeline is secure.

October 19, 2023

Rust on Android goes bare metal: 3 key security benefits

Using Rust in bare-metal applications will make Android a safer platform — and have a broader impact on the Rust community. Here are three key takeaways.

March 15, 2023

GitHub enforces 2FA — it’s about time (given the state of supply chain security)

GitHub is a weak link in the software supply chain. Finally, Microsoft is doing something about it — by forcing users into two-factor authentication (2FA).