Blog
Qix NPM Supply Chain Attack: What Teams Need to Know
Responder Resources
Blog
Blog
Top RSAC 2025 Takeaways
The key takeaways after attending RSAC 2025 for practitioners and buyers
Blog
Part 3: Understanding the Different Types of Runtime Reachability
Pt. 3 of our runtime reachability series uncovers the different types of runtime reachability
Blog
Runtime Cloud Security in 2025
Unpacking Runtime Cloud Security in 2025, explaining CADR with use cases, and more
Blog
What is Code to Cloud, and Does it Matter?
This post covers what code to cloud is, if it's important, and why it should matter
Market Reports
Wiz Acquisition: Winners, Losers, and the Multi-Cloud...Future?
In this blog, we give a nuanced perspective on Google’s 32 billion dollar Wiz acquisition - one that clearly communicates who wins and loses
Market Reports
Supply Chain Security is FUBAR - A Proposal for GitHub
Three things GitHub could do to vastly improve security capabilities
Market Reports
Understanding and Re-Creating the tj-actions/changed-files Supply Chain Attack
Another reason runtime security is so important, and patching ain't what it seems
Market Reports
The Great CNAPP Re-bundle
In this article, we discuss Check Point and Palo’s transitions are an acknowledgement that the fight for the “posture” side of CNAPP is are over
Blog
Announcing OpenGrep
And the importance of a commoditized SAST
Blog
Wiz Defend-ing Their Flank
An early preview of Wiz Defend, and the next 5 years of runtime focused CNAPP
Technical Guides
Part 2: Static vs Runtime Reachability
Part 2 of our reachability 3 part series explores the pros and cons of two emerging types of reachability