Independent intelligence for application security and software supply chain.
Daily reporting on supply chain attacks, security vendor moves, and standards changes that matter to engineers and compliance teams.
Featured coverage
Breach & incident coverage
Coverage of real breaches with response timelines and disclosure links. Recent reporting includes attacks on the npm ecosystem, popular CLI tools, IDE extensions, and major SaaS infrastructure.
Standards & frameworks
NIST guidance, OWASP frameworks, CISA advisories, EU regulatory updates, and the standards work that affects how production teams build and ship.
Vendor directory
Application security and software supply chain vendors organized by capability: SAST, DAST, SCA, SBOM management, secrets scanning, ASPM, CI/CD security, and API testing.
Glossary & reference
Definitions in plain English covering application security, software supply chain, vulnerability management, AI security, identity, threat modeling, and DevSecOps.
Latest Articles
Browse all 936 articlesTerm of the Day
Browse all 247 termsSecure Software Development Lifecycle
A Secure Software Development Lifecycle is an approach to building software that integrates security considerations into every phase of the development process, rather than treating security as an afterthought or a single checkpoint. It includes activities such as defining security requirements, performing secure design reviews, writing secure code, and conducting security testing throughout the project. The goal is to identify and address security issues as early as possible, which typically reduces risk and the cost of fixing vulnerabilities later.
Read full definitionVendor Directory Spotlight
Browse all 150 vendors
PortSwigger
Secure your applications, safeguard your future
PortSwigger is dedicated to web security by offering tools like Burp Suite, an enterprise-enabled dynamic web vulnerability scanner. Their software helps identify if web applications are vulnerable to attacks. By integrating security into Software Development Life Cycles (SDLCs), it assists organizations in conducting efficient penetration testing and maintaining cyber resilience. With the ability to automate recurring scans and provide intuitive reporting, PortSwigger empowers security professionals to better protect their organizations.

N-Stalker (acquired by Conviso)
Integrating security at every development stage
Conviso AppSec specializes in Application Security with a comprehensive platform designed to manage your AppSec posture. The Conviso Platform integrates security into the development cycle, centralizing processes in a modular and scalable manner tailored to your business's maturity. It provides continuous and automated security, enabling real-time threat detection with an AI-powered agent integrated into developers' workflows. With features that support secure design, active protection, and regulatory compliance, Conviso AppSec is positioned to help organizations protect against fraud and cyberattacks effectively.

StackHawk
Secure Your APIs, Accelerate Development Cycles
StackHawk, Inc. offers a comprehensive code-to-runtime AppSec platform designed to modernize API security testing. It enables developers to find security bugs earlier in the development process, ensuring schedules are not disrupted. The platform features automated workflows that integrate seamlessly with existing developer tools. Users can triage, identify, and investigate high-priority issues, trusting developers to mitigate risks prior to production. StackHawk also provides audit logs to verify the actions taken during the remediation process, promoting a secure development lifecycle.
Featured Resources
Browse all 7 resourcesOWASP API Security Top 10 - Free Practical Guide | Application Security Standards
Download the free 17-page guide to the OWASP API Security Top 10. Learn each API risk, how attackers exploit it, and the controls that stop them.


