Morningstar

CNCF Announces Graduation of in-toto Security Framework, Enhancing Software Supply Chain Integrity Across Industries

SAN FRANCISCO, April 23, 2025 /PRNewswire/ -- The Cloud Native Computing Foundation® (CNCF®), which builds sustainable ecosystems for cloud native software, today announced the graduation of in-toto, ...
CSOonline

New “MITRE ATT&CK-like” framework outlines software supply chain attack TTPs

A new open framework has been launched to outline a comprehensive and actionable way for businesses and security teams to understand attacker behaviors and techniques specifically impacting the ...

One of the most popular web app frameworks has a major security flaw

Alas, no, as it turns out that a very popular web app framework, used heavily in servers around the world, has been ...
Dark Reading

MITRE Creates Framework for Supply Chain Security

Supply chain security has been all the buzz in the wake of high-profile attacks like SolarWinds and Log4j, but to date there is no single, agreed-on way to define or measure it. To that end, MITRE has ...
CSOonline

PCI Secure Software Standard version 1.2 sets out new payment security requirements

The introduction of the Web Software Module marks the end of initial efforts to launch the Software Security Framework, stated Andrew Jamieson, VP solution standards, PCI SCC, with the next phase of ...
Ars Technica

Framework’s software and firmware have been a mess, but it’s working on them

Since Framework showed off its first prototypes in February 2021, we’ve generally been fans of the company’s modular, repairable, upgradeable laptops. But even as it builds new upgrades for its ...
PC World

New Site Defines Best Practices For Software Security

How many security officers should there be for each software developer? Turns out the answer is one for every 100. This and other best software security best practices are now part of a joint project ...
VentureBeat

Executives and teams disagree on who is responsible for software security

Executives from the boardroom and the C-suite are realizing the damaging effect software supply chain attacks can have on their organizations, but they aren’t taking action. According to a recent ...
Forbes

The Critical Role Of Software Asset Management In Fortifying Security

Expertise from Forbes Councils members, operated under license. Opinions expressed are those of the author. In today's digitally driven world, organizations face a constantly evolving threat landscape ...

Nvidia DGX Spark, NeMo:Critical security flaws threaten AI hardware and software

Attackers can exploit a critical security vulnerability in Nvidia's AI computer DGX Spark, among other things.
Ars Technica

Looking at Framework’s progress on software support for its repairable laptops

For the past five years, we’ve been paying a lot of attention to Framework, the upstart PC company focused on modular, repairable, upgradeable, and customizable laptop designs. So far, Framework has ...