Rise of the xBOM: The new go-to tool for software security

The more cybersecurity leaders and software builders operationalize software bills of materials (SBOMs) to convey trust and transparency, the more they’re running into the traditional SBOM’s visibility limitations. As valuable as they are, SBOMs — as defined by the software industry — can offer only part of the software supply ...

The cybersecurity job market is complicated: 3 key insights

The state of the cybersecurity job market can seem like a perplexing paradox. On one hand, you’ve got frothy statistics from the likes of ISC2 stating that cybersecurity workforce shortages total 4.8 million positions or more. On the other, you’ve got an ever-growing cadre of newly cyber-certified and -degreed candidates ...

The cybersecurity ‘fog of war’: How to apply data science to cut through

One of the biggest problems cybersecurity teams face is the overwhelming uncertainty of situations as cyberattacks unfold. It’s hard to know what mitigations to work on first, which systems are most likely to risk business loss as a threat rapidly moves across a network — and how to fix root problems ...

Agentic AI and software development: Here’s how to get ahead of rising risk

As technology leadership pushes ever harder to deeply embed AI agents into software development lifecycles — in some cases, even using agentic AI to replace midlevel developers — application security (AppSec) is about to go from complex to a lot more complicated ...

CISA cybersecurity performance goals: 7 action items to boost your AppSec

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) recently released new guidance on its Secure by Design principles, outlining best practices that the IT sector should take to reduce the cyber-risks its products are exposing its customers to ...

AI is a double-edged sword: Why you need new controls to manage risk

As with just about every part of business today, cybersecurity has been awash in the promises of what AI can do for its tools and processes. In fact, cybersecurity vendors have touted the power of algorithmic detection and response for years ...

AppSec vs. product security: Secure by Design demands a strategy shift

For the Secure by Design initiative of the Cybersecurity and Infrastructure Security Agency (CISA) to really change the security landscape, the scope of traditional application security (AppSec) will need to expand considerably beyond shifting code testing left (earlier in the software development lifecycle). What is required is a more holistic ...

Threat modeling and binary analysis: Supercharge your software risk strategy

One of the trickiest problems organizations face with securing their software supply chain is making risk decisions without really understanding where the biggest threats lie in their software, whether open source or commercial. Even with a full slate of application security testing (AST), without modernizing your approach with software supply chain ...

‘Good, fast, cheap… Pick two’: Software quality dilemma forces risky decisions

One of the prevailing proverbs of application development is the truth about the so-called iron triangle — that when developing software you’ve got three options: good, fast, and cheap. But you can only pick two. Good can have varying definitions, but for most it’s a solid stand-in for "quality," of ...