Chris Eng, chief research officer at Veracode, recently joined Dennis Fisher on the Decipher podcast to talk about the company's new State of Software Security report and trends in enterprise security.
The requirement for vendors to provide a software bill of materials for the apps they sell to federal agencies will only address part of the supply chain risk, experts say.
Idan Plotnik of Apiiro Security discusses the value of a risk-based approach to software development and deployment.
SolarWinds is testing a system of parallel build servers to help prevent a future supply chain attack on its infrastructure.
GitHub has patched a flaw in a backend system that in rare cases could have routed one user's authenticated session to another user's browser.