Software Security

OMB Rolled Back the Rules. Security Did Not Get Easier

Sonatype | March 10, 2026 | Compliance, Federal, government, risk management, SBOM, software bill of materials, Software Security

The U.S. Office of Management and Budget (OMB)'s decision to rescind M-22-18 and M-23-16 and replace them with M-26-05 has been framed as a win for flexibility and a rollback of security ...

2024 Sonatype Blog

LLMs, AI, cyberattacks, access, identity, 1Password, Exabeam, LogRhythm, GenAI, censorship, model, RBAC, secure, Fortinet, SASE, Opal, access privileges, cloud security, GenAI, generative AI cloud compromise LLM

The New Security Reality: When AI Accelerates Both Attack and Defense

Moshe Bar | March 3, 2026 | agentic defense platforms, AI Integration, AI-driven vulnerability discovery, autonomous defense, Cybersecurity Automation, cybersecurity evolution, DevOps cycle, Large language models (LLMs), machine speed operations, risk assessment, security posture, Software Security, threat landscape, Vulnerability Exploitation, Vulnerability Management

Discover how the integration of large language models is transforming software security, lowering barriers for attackers, and necessitating autonomous defense platforms to keep pace with emerging threats ...

Security Boulevard

NDSS 2025 – JBomAudit: Assessing The Landscape, Compliance, And Security Implications Of Java SBOMS

Marc Handelman | February 28, 2026 | Applications & Policies, appsec education, cybersecurity education, Infosecurity Education, NDSS 2025, NDSS Symposium, Network Security, Security Conferences, Session 14A, Software Security

Session 14A: Software Security: Applications & Policies Authors, Creators & Presenters: Yue Xiao (IBM Research), Dhilung Kirat (IBM Research), Douglas Lee Schales (IBM Research), Jiyong Jang (IBM Research), Luyi Xing (Indiana University ...

Infosecurity.US

NDSS 2025 – CASPR: Context-Aware Security Policy Recommendation

Marc Handelman | February 27, 2026 | Applications & Policies, appsec education, NDSS 2025, NDSS Symposium, Network Security, Security Conferences, Session 14A, Software Security

Session 14A: Software Security: Applications & Policies Authors, Creators & Presenters: All From The Institute of Information Engineering, Chinese Academy of Sciences: Lifang Xiao, Hanyu Wang, Aimin Yu, Lixin Zhao, Dan Meng ...

Infosecurity.US

NDSS 2025 – Enhancing Security In Third-Party Library Reuse

Marc Handelman | February 27, 2026 | Applications & Policies, appsec education, cybersecurity education, Infosecurity Education, NDSS 2025, NDSS Symposium, Network Security, Security Conferences, Session 14A, Software Security

Session 14A: Software Security: Applications & Policies Authors, Creators & Presenters: Shangzhi Xu (The University of New South Wales), Jialiang Dong (The University of New South Wales), Weiting Cai (Delft University of ...

Infosecurity.US

NDSS 2025 – Retrofitting XoM For Stripped Binaries Without Embedded Data Relocation

Marc Handelman | February 26, 2026 | appsec education, Code and Compiler, cybersecurity education, Infosecurity Education, NDSS 2025, NDSS Symposium, Network Security, Security Conferences, Session 13D, Software Security

Session 13D: Software Security: Code and Compiler Authors, Creators & Presenters: Chenke Luo (Wuhan University), Jiang Ming (Tulane University), Mengfei Xie (Wuhan University), Guojun Peng (Wuhan University), Jianming Fu (Wuhan University) PAPER ...

Infosecurity.US

NDSS 2025 – Translating C To Rust: Lessons From A User Study

Session 13D: Software Security: Code and Compiler Authors, Creators & Presenters: Ruishi Li (National University of Singapore), Bo Wang (National University of Singapore), Tianyu Li (National University of Singapore), Prateek Saxena (National ...

Infosecurity.US

NDSS 2025 – type++: Prohibiting Type Confusion With Inline Type Information

Marc Handelman | February 25, 2026 | appsec education, Code and Compiler, cybersecurity education, Infosecurity Education, NDSS 2025, NDSS Symposium, Network Security, Security Conferences, Session 13D, Software Security

Session 13D: Software Security: Code and Compiler Authors, Creators & Presenters: Nicolas Badoux (EPFL), Flavio Toffalini (Ruhr-Universität Bochum, EPFL), Yuseok Jeon (UNIST), Mathias Payer (EPFL) PAPER type++: Prohibiting Type Confusion with Inline ...

Infosecurity.US

Guardrails Make AI-Assisted Development Safer By Design

Aaron Linskens | January 6, 2026 | AI, Artificial Intelligence, dependencies, Events and Webinars, MCP, MCP server, Model Context Protocol, Software Security

AI coding assistants are rapidly becoming part of everyday software development. From generating boilerplate code to suggesting entire dependency stacks, these tools promise faster delivery and higher productivity ...

2024 Sonatype Blog

NDSS 2025 – GadgetMeter: Quantitatively And Accurately Gauging The Exploitability Of Speculative Gadgets

Marc Handelman | December 22, 2025 | appsec education, cybersecurity education, Infosecurity Education, NDSS 2025, NDSS Symposium, Network Security, Security Conferences, Session 6D, Software Security, vulnerability detection

Session 6D: Software Security: Vulnerability Detection Authors, Creators & Presenters: Qi Ling (Purdue University), Yujun Liang (Tsinghua University), Yi Ren (Tsinghua University), Baris Kasikci (University of Washington and Google), Shuwen Deng (Tsinghua ...

Infosecurity.US

OMB Rolled Back the Rules. Security Did Not Get Easier

The New Security Reality: When AI Accelerates Both Attack and Defense

NDSS 2025 – JBomAudit: Assessing The Landscape, Compliance, And Security Implications Of Java SBOMS

NDSS 2025 – CASPR: Context-Aware Security Policy Recommendation

NDSS 2025 – Enhancing Security In Third-Party Library Reuse

NDSS 2025 – Retrofitting XoM For Stripped Binaries Without Embedded Data Relocation

NDSS 2025 – Translating C To Rust: Lessons From A User Study

NDSS 2025 – type++: Prohibiting Type Confusion With Inline Type Information

Guardrails Make AI-Assisted Development Safer By Design

NDSS 2025 – GadgetMeter: Quantitatively And Accurately Gauging The Exploitability Of Speculative Gadgets

83% of Cloud Breaches Start with Identity, AI Agents Are About to Make it Worse

The White House Got the Cyber Strategy Right — By Knowing What Not to Do

Meta’s AI Safety Chief Couldn’t Stop Her Own Agent. What Makes You Think You Can Stop Yours?

Anthropic Didn’t Kill Cybersecurity. It Just Reminded Us There Are Two Doors

The Chicken Littles of Silicon Valley: Why AI Doomsayers Are Repeating History’s Greatest Mistake

GoPlus’s Latest Report Highlights How Blockchain Communities Are Leveraging Critical API Security Data To Mitigate Web3 Threats

C2A Security’s EVSec Risk Management and Automation Platform Gains Traction in Automotive Industry as Companies Seek to Efficiently Meet Regulatory Requirements

Zama Raises $73M in Series A Lead by Multicoin Capital and Protocol Labs to Commercialize Fully Homomorphic Encryption

RSM US Deploys Stellar Cyber Open XDR Platform to Secure Clients

ThreatHunter.ai Halts Hundreds of Attacks in the past 48 hours: Combating Ransomware and Nation-State Cyber Threats Head-On