On September 14, 2022, the Office of Management and Budget (“OMB”) issued a memorandum on Enhancing the Security of the Software Supply Chain through Secure Software Development Practices (“OMB Memo”) ...

What does it take to make secure software? The Open Source Security Foundation (OpenSSF) has a few ideas (10 of them, in fact). This week at the OpenSSF Day Japan event in Tokyo, the nonprofit group ...

Not only are we less clear about who is developing software, but we are also less confident about our total inventory of ...

Value stream management involves people in the organization to examine workflows and other processes to ensure they are deriving the maximum value from their efforts while eliminating waste — of ...

For all the scary talk about cyberattacks from vendors and industry experts, relatively few attacks are actually devastating. But the Jaguar Land Rover (JLR) attack was. The JLR breach wasn’t some ...

Microsoft on Wednesday offered a progress report on its "Secure Future Initiative" (SFI). The announcement by Bret Arsenault, Microsoft's corporate vice president and chief cybersecurity advisor, ...

Professional and state-sponsored hacking groups are dedicating more time, money, and effort to cybercrime every year. Threat actors use novel techniques in new types of attacks that some of the ...

Organizations must proactively manage developer risk through establishing a self-governance strategy—one that accounts for ...

Best ways to incorporate security into the software development life cycle Your email has been sent With the persistence of security issues in software development, there is an urgent need for ...

Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with content, and download exclusive resources. Cory Benfield discusses the evolution of ...

Software security may finally be getting the attention it deserves as more countries institute necessary guidelines. But with threats increasing against the software supply chains, it is too soon to ...

As follow-on guidance to Office of Management and Budget’s (OMB) September 14, 2022 memo and the associated Executive Order on Improving the Nation’s Cybersecurity from May 2021, the Cybersecurity and ...