Insights from experts shaping secure development
Access expert content on secure coding, AI governance, and software risk management.

The XZ Utils backdoor in Linux points to a wider supply chain security issue, and we need more than community spirit to keep it at bay
A critical vulnerability, CVE-2024-3094, was discovered in the XZ Utils data compression library used by major Linux distributions, introduced through a backdoor by a threat actor. This high-severity issue allows for potential remote code execution, posing significant risks to software build processes. The flaw affects early versions (5.6.0 and 5.6.1) of XZ Utils in Fedora Rawhide, with an urgent call for organizations to implement patches. The incident underscores the critical role of community volunteers in maintaining open-source software and highlights the need for enhanced security practices and access control within the software development lifecycle.

Reaping the benefits of AI innovation depends on starting with secure code
Generative AI offers financial services companies a lot of advantages, but also a lot of potential risk. Training developers in security best practices and pairing them with AI models can help create secure code from the start.

Harnessing AI and proactive measures for effective management of vulnerability alerts
Secure Code Warrior and Mend.io discuss impacts of AI on security, proactive security approaches, and effective management of vulnerability alerts.

Security as culture: How Blue Prism cultivates world-class secure developers
Learn how Blue Prism, the global leader in intelligent automation for the enterprise, used Secure Code Warrior's agile learning platform to create a security-first culture with their developers, achieve their business goals, and ship secure code at speed
%252520%252520(3).avif)
Supercharged Security Awareness: How Tournaments are Inspiring Developers at Erste Group
Lorem ipsum dolor sit amet, consectetur adipiscing elit. Suspendisse varius enim in eros elementum tristique. Duis cursus, mi quis viverra ornare, eros dolor interdum nulla, ut commodo diam libero vitae erat. Aenean faucibus nibh et justo cursus id rutrum lorem imperdiet. Nunc ut sem vitae risus tristique posuere.

How a ‘Game of Codes’ is leading IAG Group to a more secure coding future
IAG Group is the name behind many of the leading insurancecompanies in the Asia-Pacific region, underwriting policies formillions of customers to the tune of approximately AUD $11.4 Billionin premiums per annum.

SD Times: AI-Assisted Development Multiplies Human Error: What’s Your AI Governance and Risk Management Strategy?
According to a recent report from Gartner, the rampant use of shadow AI and rogue automation is further fueling the proliferation of AI vulnerabilities. Gartner notes that 32% of IT workers using generative AI tools at work say they keep them hidden from cybersecurity teams. Combined with low-code/no-code platforms and vibe coding practices, the AI copilots are greatly expanding the enterprise attack surface.

Cybersecurity Tribe: What Separates Real AI Governance From Policy Theater
For this article, we asked a central question for security and risk leaders: "What differentiates a policy that genuinely mitigates enterprise risk from one that exists primarily to demonstrate that the organization has acknowledged AI risk?"
Trust Agent:AI - Secure and scale AI-Drive development
AI is writing code. Who’s governing it? With up to 50% of AI-generated code containing security weaknesses, managing AI risk is critical. Discover how SCW's Trust Agent: AI provides the real-time visibility, proactive governance, and targeted upskilling needed to scale AI-driven development securely.

The Power of OpenText Application Security + Secure Code Warrior
OpenText Application Security and Secure Code Warrior combine vulnerability detection with AI Software Governance and developer capability. Together, they help organizations reduce risk, strengthen secure coding practices, and confidently adopt AI-driven development.

Secure Code Warrior corporate overview
Secure Code Warrior is an AI Software Governance platform designed to enable organizations to safely adopt AI-driven development by bridging the gap between development velocity and enterprise security. The platform addresses the "Visibility Gap," where security teams often lack insights into shadow AI coding tools and the origins of production code.









