Learn
Security concepts, explained without the fog
A growing library of plain-language explainers, 6 published and more being written. Each one answers its question directly in the first paragraph.
Testing techniques
- What is SAST
- What is DAST
- What is SCA
- Taint analysis, explained (coming soon)
- False positives in security scanning (coming soon)
- Secrets detection (coming soon)
Bills of materials
- What is an SBOM
- What is a CBOM
- What is VEX
- What is a QBOM (coming soon)
- What is an AIBOM (coming soon)
- CycloneDX vs SPDX (coming soon)
Risk and prioritization
- CVSS, EPSS, and KEV (coming soon)
- Reachability analysis (coming soon)
- Known exploited vulnerabilities (coming soon)
- Supply chain attacks (coming soon)
Post-quantum
- Post-quantum cryptography, explained (coming soon)
- Harvest now, decrypt later (coming soon)
- Planning a PQC migration (coming soon)
Have a question these should answer? Tell us and we will write it.