A SonarQube vendor article explaining how its SAST/SCA platform helps organizations comply with the EU's Cyber Resilience Act by automating code verification for both human-written and AI-generated code, mapping specific platform capabilities to CRA regulatory mandates around vulnerability minimization, supply chain security, and audit trails.
Analysis of 15,000+ top PyPI packages reveals that only 1.58% (238 packages) ship with SBOMs, all in CycloneDX format with zero SPDX adoption. The study, enabled by PyPI-TEA (a PEP 770 bridge to the Transparency Exchange API), identified 37 invalid SBOMs, all tracing to a single cargo-cyclonedx bug, and highlights the urgent need for improved SBOM adoption in the Python ecosystem.
A curated catalog of cybersecurity products across multiple categories including hypervisor security (Vali Cyber ZeroLock), autonomous penetration testing (Horizon3 NodeZero), agentless Linux EDR (Sandfly), threat intelligence (GreyNoise), cloud identity security (Permiso), supply chain security (Socket), and network detection/response (Corelight). Each product includes a brief description of capabilities and use cases.
Opinion piece critiquing Meta's acquisition of Moltbook and OpenAI's hiring of OpenClaw creator Peter Steinberger, highlighting severe security vulnerabilities in both platforms, including unauthenticated database access, remote code execution (CVE-2026-25253), secret key exposure, and malware in the OpenClaw skills marketplace.
Geoffrey Huntley discusses how AI is reshaping software development versus engineering, arguing that traditional coding skills are becoming commoditized while software engineering (focused on safe systems design, risk management, and automation loops) remains valuable. He contends that open-source is declining due to AI-generated code, vendor lock-in is eroding, and true competitive moats now lie in business factors rather than technical differentiation.
This geopolitical analysis argues that U.S. AI systems are critically vulnerable to foreign cyberattacks and espionage due to weak defenses, with China, Iran, and Russia actively targeting AI infrastructure, training data, and model weights to steal intellectual property and accelerate their own development.