Creating a Software Bill of Materials (SBOM) is crucial to software supply chain security management. It helps fortify your software supply chain and reduces the likeliness of your software being exploited. But did you know there's a way to enhance your software's security further? Well, that's when API inventory comes into the picture. Including API inventory in your SBOM can make your software solution more resilient to cyberattacks.

Often security engineers find it difficult to scale secure code review processes either due to lack of funding, adoption to smaller sprint cycles or even security engineers failing to integrate security to agile philosophy. This post talks about various ways to address such challenges.

APIs, formally known as application programming interfaces, occupy a significant position in modern software development. They revolutionized how web applications work by facilitating applications, containers, and microservices to exchange data and information smoothly. Developers can link APIs with multiple software or other internal systems that help businesses to interact with their clients and make informed decisions.

Many API-related breaches do not result from sophisticated attackers or diligent security researchers but stem from improper API design and implementation. Recent incidents at Clubhouse, John Deere, and Experian serve as examples, highlighting the consequences of neglecting basic API security practices. To safeguard against security risks, comprehensive API security testing becomes essential, ensuring APIs align with published specifications and are resilient to malicious inputs and attacks.

Introducing Synopsys AI code analysis API With generative AI tools like ChatGPT, GitHub Copilot, and Tabnine flooding the software development space, software developers are quickly adopting these technologies to help automate everyday development tasks.

The integration of machine learning into software development is revolutionizing the field, automating tasks and generating complex code snippets at an unprecedented scale. However, this powerful paradigm shift also presents significant challenges including the risk of introducing security flaws into the codebase. This issue is explored in depth in the paper Do Users Write More Insecure Code with AI Assistants? by Neil Perry, Megha Srivastava, Deepak Kumar, and Dan Boneh.

In an ideal world, security incidents result in minimal damage, and we can learn from them to improve our future defenses. Fortunately, such appears to be the case with JumpCloud. According to JumpCloud’s blog post, its recent security incident impacted fewer than 5 JumpCloud customers and fewer than 10 devices. Moreover, working together with their incident response (IR) partner Crowdstrike (also a Salt Security partner), JumpCloud has mitigated the attack vector used by the threat actor.

The growing use of APIs in various business areas exposes organizations to new security risks. An analysis of data breaches reveals that US companies could face losses ranging from $12 billion to $23 billion in 2022 due to compromises linked to APIs. Lack of visibility plays a major role in the rise of API breaches. The lack of visibility inherently creates blind spots. How do you overcome the problem of hidden APIs?

Did you know that Bearer offers the ability to automatically compile the privacy information Legal teams need from Security and Engineering teams?