Security

What is VEX and why should I care?

What is VEX and why should I care?

An SBOM without VEX is like peanut butter without jelly. SBOM has been the top buzzword in cyber-security lately, but important to understand why VEX (Vulnerability Exploitability eXchange) is such a critical companion document

Exploring Risk: Understanding Software Supply Chain Attacks

Exploring Risk: Understanding Software Supply Chain Attacks

Naming and understanding the attack vectors at the disposal of our adversaries.

SBOMs are just a means to an end

SBOMs are just a means to an end

Software has eaten the world. Modern society is dependent on software for everything from communicating with family to the medical devices keeping our loved ones alive. But do you know what goes into that software? If your answer was sticky tape and glue you clearly work in technology. Congratulations, this article is for you.

Introducing the OpenSSF Scorecard API

Introducing the OpenSSF Scorecard API

The Scorecard API makes it easier to automate and enforce your dependency policies. Naveen is one of the key contributors to the Scorecard projects, in this article, he walks through how it works!

What security teams need to know about software development

What security teams need to know about software development

This article is meant to help security teams begin their threat models and make more informed risk management decisions regarding their software development practices.