Market Reports
Wiz Acquisition: Winners, Losers, and the Multi-Cloud...Future?
In this blog, we give a nuanced perspective on Google’s 32 billion dollar Wiz acquisition - one that clearly communicates who wins and loses
James Berthoty
James has worked across most areas of the security industry - from IT, to DevOps to security operations. He created Latio as a resource for engineers to find the best security tools for their environment.
Market Reports
Supply Chain Security is FUBAR - A Proposal for GitHub
Three things GitHub could do to vastly improve security capabilities
Market Reports
Understanding and Re-Creating the tj-actions/changed-files Supply Chain Attack
Another reason runtime security is so important, and patching ain't what it seems
Market Reports
The Great CNAPP Re-bundle
In this article, we discuss Check Point and Palo’s transitions are an acknowledgement that the fight for the “posture” side of CNAPP is are over
Report
2025 AI AutoFixing Tools Guide
Evaluating the AI AppSec Engineering Hype
Blog
Announcing OpenGrep
And the importance of a commoditized SAST
Blog
Wiz Defend-ing Their Flank
An early preview of Wiz Defend, and the next 5 years of runtime focused CNAPP
Blog
Part 2: Static vs Runtime Reachability
Part 2 of our reachability 3 part series explores the pros and cons of two emerging types of reachability
Technical Guides
How to do Vulnerability Prioritization
A helpful guide to help teams understand what goes into choosing what to fix and when
Technical Guides
Why and How to Implement Seccomp Policies
Explaining the use cases and how to implement an under-discussed Kubernetes feature
Product Reviews
What do I think about Wiz Code?
Answering my most received question from the last 2 weeks
CUPS Vulnerability Response Resources
Resources and analysis on the latest zero days: CVE-2024-47176, CVE-2024-47076, CVE-2024-47175, and CVE-2024-47177