Latest from today

feature: The CSO guide to top security conferences
Tracking postponements, cancellations, and conferences gone virtual — CSO Online’s calendar of upcoming security conferences makes it easy to find the events that matter the most to you.
By CSO Staff, 28 Feb 2025, 10 mins
Topics: Application Security, Events, Technology Industry

news: Malicious package found in the Go ecosystem
By Paul Krill, 06 Feb 2025, 1 min
Topics: Security, Software Development

news analysis: Python administrator moves to improve software security
By David Strom, 23 Jan 2025, 5 mins
Topics: Malware, Open Source, Software Development

feature: How organizations can secure their AI-generated code
By Andrada Fiscutean, 20 Jan 2025, 10 mins
Topics: Application Security, Software Development

opinion: Secure by design vs by default – which software development concept is better?
By Chris Hughes, 03 Jan 2025, 11 mins
Topics: DevSecOps, Development Approaches, Security Practices

opinion: CISA’s guides can help you demand – and receive – secure software from the get-go
By Susan Bradley, 31 Oct 2024, 8 mins
Topics: Security, Security Practices, Software Providers

news analysis: Malicious open-source software packages have exploded in 2024
By Lucian Constantin, 14 Oct 2024, 6 mins
Topics: Malware, Open Source, Threat and Vulnerability Management

news analysis: GitHub Actions typosquatting: A high-impact supply chain attack-in-waiting
By Lucian Constantin, 05 Sep 2024, 6 mins
Topics: Cyberattacks, GitHub, Software Deployment

news: Thousands of abandoned PyPI projects could be hijacked: Report
By Howard Solomon, 04 Sep 2024, 6 mins
Topics: Python, Software Development, Vulnerabilities

Articles

news analysis: Python GitHub token leak shows binary files can burn developers too
Scrubbing tokens from source code is not enough, as shown by the publishing of a Python Software Foundation access token with administrator privileges to a container image on Docker Hub.
By Lucian Constantin, 11 Jul 2024, 5 mins
Topics: Application Security, DevSecOps, Software Development

feature: Software supply chain still dangerous despite a slew of efforts
While recent efforts promise a more secure future for software, experts say several challenges could still vex organizations as they try to improve software security.
By Cynthia Brumfield, 10 Jul 2024, 10 mins
Topics: Cloud Security, Security Practices, Supply Chain

news analysis: Windows path conversion weirdness enables unprivileged rootkit behavior
MagicDot technique allows attackers to capitalize on an already-patched vulnerability simply by changing the dots in a path.
By Lucian Constantin, 19 Apr 2024, 5 mins
Topics: Threat and Vulnerability Management, Vulnerabilities, Windows Security

feature: OWASP Top 10 OSS Risks: A guide to better open source security
The OWASP list provides recommendations aimed at getting around lagging indicators such as CVE catalogs and provides security practitioners with a guide to safely using OSS components.
By Chris Hughes, 11 Apr 2024, 11 mins
Topics: Open Source, Threat and Vulnerability Management, Vulnerabilities

news analysis: Dangerous XZ Utils backdoor was the result of years-long supply chain compromise effort
Caught before it could do widespread damage, the sophisticated vulnerability could have been one of the highest-impact software supply chain breaches to date.
By Lucian Constantin, 02 Apr 2024, 10 mins
Topics: Data and Information Security, Open Source, Supply Chain

news: Majority of commercial codebases contain high-risk open-source code
It’s easier to find and fix bugs in open-source software, but that's no help if organizations use old, unpatched versions.
By Grant Gross, 29 Feb 2024, 4 mins
Topics: Open Source, Security Audits, Software Development

feature: Roundup: Global software supply chain security guidance and regulations
Software suppliers and consumers alike will increasingly need to be familiar with global requirements and regulations designed to mitigate software supply chain attacks.
By Chris Hughes, 08 Jan 2024, 8 mins
Topics: Government, Security Practices, Supply Chain

news: Almost all developers are using AI despite security concerns, survey suggests
About 96% of developers are using AI tools and nearly eight out of 10 coders are bypassing security policies to use them, while placing unfounded trust into AI’s competence and security, according to the report by Snyk.
By John P. Mello Jr., 29 Nov 2023, 4 mins
Topics: Development Tools, Security Practices, Supply Chain

feature: NIST provides solid guidance on software supply chain security in DevSecOps
Key recommendations from the NIST’s latest guidance and why they are relevant to modern organizations developing and delivering software.
By Chris Hughes, 19 Oct 2023, 9 mins
Topics: DevSecOps, Security Practices, Security Software

feature: How CISOs can shift from application security to product security
Product security teams are becoming more popular for the in-depth security approach they take when compared to appsec teams. But there is more to it, which includes creating a security-conscious culture.
By Ericka Chickowski, 30 Aug 2023, 10 mins
Topics: Application Security, Software Development

news: Arnica’s real-time, code-risk scanning tools aim to secure supply chain
Arnica adds new software supply chain security capabilities delivered through real-time code risk management tools.
By Shweta Sharma, 16 May 2023, 4 mins
Topics: DevSecOps, Software Development, Supply Chain

news: GitGuardian’s honeytokens in codebase to fish out DevOps intrusion
GitGuardian honeytokens are decoy scripts designed to lure out attackers looking to target critical DevOps environments and enterprise secrets.
By Shweta Sharma, 11 Apr 2023, 4 mins
Topics: Intrusion Detection Software, Software Development