Carolynn Van Arsdale

Boston

Manager, Content Marketing at ReversingLabs

Cyber Content Marketer @ReversingLabs, Fmr. Correspondent @SecurityLedger. Tweeting about cybersecurity, music, travel & more. Opinions are my own. she/her.

Featured in: Favicon

securityledger.com Favicon

securityboulevard.com Favicon

vtcynic.com Favicon

reversinglabs.com Favicon

newsbreak.com

Articles

What is the xBOM?

1 month ago | securityboulevard.com | Carolynn Van Arsdale

The software supply chain has never been more complex — or more critical to secure. For years, the Software Bill of Materials (SBOM) has been the go-to tool for documenting components within software, offering much-needed visibility into what’s under the hood. It is called out by Executive Order 14028, as well as the EU Digital Operational Resilience Act (DORA) and EU Cyber Resilience Act (CRA).
Verizon 2025 DBIR: Third-party software risk takes the spotlight

1 month ago | securityboulevard.com | Carolynn Van Arsdale

It’s that time of year again: Verizon Business has released the 2025 edition of the Data Breach Investigations Report (DBIR), its 18th-annual report on cybercrime. The DBIR is famous for how well it captures the current state of things, analyzing tens of thousands of security incidents to understand the current threat landscape.
Verizon 2025 DBIR: Third-party software risk takes the spotlight

1 month ago | reversinglabs.com | Carolynn Van Arsdale

It’s that time of year again: Verizon Business has released the 2025 edition of its Data Breach Investigations Report (DBIR), the 18th annual report of its kind. The DBIR is famous for how it captures the current state of cybercrime, analyzing tens of thousands of security incidents to understand the current threat landscape — and its humorous commentary.
The race to secure the AI/ML supply chain is on - get out front

2 months ago | securityboulevard.com | Carolynn Van Arsdale

The explosive growth in the use of generative artificial intelligence (gen AI) has overwhelmed enterprise IT teams. To keep up with the demand for new AI-based features in software — and to deliver software faster in general — development teams have embraced machine learning-based AI coding tools. Hugging Face, a leading AI development platform, said in September 2024 that it had hit a milestone by hosting 1 million ML models — up from just 300,000 in 2023. That fast growth comes with a price.
CVEs lose relevance: Get proactive - and think beyond vulnerabilities

2 months ago | securityboulevard.com | Carolynn Van Arsdale

Application security (AppSec) would not have existed for the past 25 years without the Common Vulnerabilities and Exposures (CVEs), the numbering system used for identifying discovered vulnerabilities in software. After the creation and adoption of the system in 1999, major companies such as Microsoft quickly began contributing CVE discoveries, using the Common Vulnerability Scoring System (CVSS) to convey the severity of a flaw.
Crypto malware attacks: 23 supply chain incidents set off alarms

2 months ago | reversinglabs.com | Carolynn Van Arsdale

Bank robbers, it has long been said, rob banks because that’s where the money is. Increasingly for cybercriminals and nation-state threat actors, the infrastructure and applications supporting cryptocurrency are where the money is. And indeed, the global cryptocurrency market cap as of March 24 stood at $2.99 trillion, according to Forbes. Last year, several crypto-motivated attacks on the software supply chain were carried out using open-source software (OSS) repositories.
Crypto malware attacks: 23 supply chain incidents set off alarms

2 months ago | securityboulevard.com | Carolynn Van Arsdale

Bank robbers, it has long been said, rob banks because that’s where the money is. Increasingly for cybercriminals and nation-state threat actors, the infrastructure and applications supporting cryptocurrency are where the money is. And indeed, the global cryptocurrency market cap as of March 24 stood at $2.99 trillion, according to Forbes. Last year, several crypto-motivated attacks on the software supply chain were carried out using open-source software (OSS) repositories.
Why shift left alone isn’t enough to manage software risk

Nov 19, 2024 | securityboulevard.com | Carolynn Van Arsdale

Application security wouldn’t be what it is today without “shift left,” the concept that security practices should be handled much earlier in the software development lifecycle (SDLC). Shift left brought about new era strategies such as DevSecOps that made security a priority for developers as well as AppSec teams, pushing some security responsibility to software engineers.
4 key takeaways for software security teams

Sep 18, 2024 | securityboulevard.com | Carolynn Van Arsdale

Since 2021, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has been a proponent of software bills of materials (SBOMs) as a tool that can help secure the software supply chain. The policy grew out of the White House's 2021 Executive Order 14028 and was developed further with the National Telecommunications and Information Administration's release of "The Minimum Elements for a Software Bill of Materials (SBOM)" [PDF ] . SBOM adoption has risen since then.
CISA SBOM-a-rama: 4 key takeaways for software security teams

Sep 18, 2024 | reversinglabs.com | Carolynn Van Arsdale

Since 2021, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has been a proponent of software bills of materials (SBOMs) as a tool that can help secure the software supply chain. The policy grew out of the White House’s 2021 Executive Order 14028 and was developed further with the National Telecommunications and Information Administration’s release of “The Minimum Elements for a Software Bill of Materials (SBOM)” [PDF]. SBOM adoption has risen since then.