-
December 20, 2023
Connecting the Dots: NIST SSDF, Self-Attestation, and a Complete ASPM Platform
In today’s hyper-connected world, secure software development is no longer an option, it’s a necessity. Yet achieving true security demands...
-
October 5, 2023
Controlled Shift Left: A Strategic Blueprint for Modern Software Security with Cycode
In the dynamic realm of software development, the concept of “Shift Left” has evolved from a mere buzzword to a...
-
September 14, 2023
Secure Development Best Practices: Building Resilient Software Applications
With the rise of cloud-native software and the more recent explosion in the use of generative AI, the importance of...
-
August 15, 2023
Understanding Software Bill of Materials (SBOM): Enhancing Transparency and Security in Software Supply Chains
We will explore the background of SBOM and SLSA compliance by reviewing the executive order. Then, we will explain what...
-
August 9, 2023
The JumpCloud Attack: What We Know So Far
In a recent cybersecurity incident, North Korean hackers targeted JumpCloud, an enterprise software company. Mandiant, CrowdStrike and SentinelOne attributed the...
-
July 12, 2023
How to Mitigate the 6 Threats on your CI/CD Environment Listed in CISA & NSA CSI
Continuous Integration and Continuous Deployment (CI/CD) environments are integral to the modern...
-
April 25, 2023
SLSA 1.0: Improving Software Supply Chain Security
The OpenSSF recently made a big announcement with the release of SLSA (Supply-chain Levels for Software Artifacts) version 1.0...
-
January 16, 2023
Detecting and Mitigating Source Code Compromise in the Wake of the CircleCI Incident
On January 4th, 2023, CircleCI reported a data breach that...
-
January 5, 2023
Security Advisory: CircleCI Security Breach
CircleCI was breached. If you are using this tool, immediately rotate all stored secrets and environment variables in CircleCI. These...
-
March 22, 2022
Hardening Your SDLC in Response to Lapsus$ Breaches
Over the last several weeks, Lapsus$ has taken down a who's who of software development teams: NVIDIA, Samsung, Vodafone, Ubisoft,...
-
December 15, 2020
Six AppSec Learnings from SolarWinds
The SolarWinds incident is a rapidly evolving situation as more and more organizations realize they’ve been breached. We don’t know...
-
September 9, 2020
OWASP SAMM Framework: What You Need to Know
We here at Cycode passionately advocate for protecting your source code and the secrets within it throughout its lifecycle and...