-
November 10, 2022
Shifting Security Left with the Cycode CLI
Security doesn’t begin with developers, but they are often affected by security. In my career as a developer, I would...
-
October 24, 2022
Security Advisory: Text4Shell Attack
-
July 11, 2022
Security Advisory: IconBurst Attack
The IconBurst attack is a software supply chain attack designed to grab data from apps and websites. This attack campaign...
-
June 16, 2022
ISO 27001 Compliance
-
May 22, 2022
Security Advisory: CrateDepression
CrateDepression is a software supply chain attack designed to target GitLab CI Pipelines by impersonating legitimate Rust packages and their...
-
May 20, 2022
PCI DSS Compliance Requirements
PCI DSS is a strict compliance standard, especially with respect to penalties. The potential costs of a security breach include...
-
May 4, 2022
DevSecOps Tools: How Security Tools Improve DevOps Velocity
To support effective DevSecOps operations, organizations should consider the following difficulties in enforcing security within DevOps workflows...
-
April 20, 2022
SOC 2 Type II Compliance
SOC 2 Type II is prescribed to organizations handling sensitive information to verify the safe handling of precious data.
-
April 19, 2022
GitHub OAuth Compromise Affecting Heroku and Travis-CI Users
On April 15, GitHub Security announced that it experienced a software supply chain attack on many of its private repositories...
-
March 15, 2022
FedRAMP Compliance for Cloud Service Providers
The Federal Risk and Authorization Management Program (FedRAMP) is a government-wide program serving as a framework for security assessment, authorization,...
-
March 10, 2022
Using the Principle of Least Privilege for Maximum Security
It's a simple concept, so why doesn't every organization enforce the principle of least privilege?
-
March 3, 2022
Cycode Workflows: No-Code Automated Alerting & Remediation
Cycode workflows allow users to automate security functions such as alerting, ticketing, and remediation that respond directly to triggered violations...