When GenAI and low-code collide: What could go wrong for AppSec?

If application security (AppSec) professionals thought the problems of code complexity, code bloat, and the poor state of software supply chain security (SSCS) were bad enough, they had better strap in. Things are about to get a heck of a lot worse with the cross-pollination of generative AI (GenAI) code ...
7 ways to put your code on a diet — and improve AppSec in the process

Application security (AppSec) struggles mightily with scale. Applications must be protected, dependencies tracked, and vulnerabilities prioritized — it can be dizzying to keep tabs on it all. And most overwhelming of all is the sheer gravity of the typical enterprise codebase ...
George Sandford - Don’t Get Tangled Up in Your Cape: Hero Culture as a Negative Force in Cyber

4 ways hero culture is killing your security program’s effectiveness

Who doesn't love a good hero? In the movies, when the hero swoops in and averts disaster, they receive copious accolades, everyone's satisfied, and the credits roll. In the sequels, new disaster scenarios that no one planned for unfold, but the hero is as fresh and ready as ever to ...
The evolution of AppSec: 4 key changes required for a new era

Software development continues to swiftly advance and also to entail more complex dependencies, with continuous integration/continuous development (CI/CD) bringing faster code releases. Meanwhile, application security (AppSec) is struggling to keep up with its practices and tooling ...
Developers behaving badly: Why holistic AppSec is key

A recent survey shows that untested software releases, rampant pushing of unvetted and uncontrolled AI-derived code, and poor developer security practices are all combining to seriously expand security risks across software development. Add in the explosion of low-code/no-code development and economic headwinds that are pressuring developers to deliver features with less ...
How legacy AppSec is holding back Secure by Design

After years of headline-popping software supply chain–related breaches — think SolarWinds, Log4j, 3CX, and MOVEit — software security advocates agree that organizations have to change the way they tackle application security (AppSec) ...
App sec prioritization is priority No. 1 for CISOs

As application security and DevSecOps teams try to get the most bang for their app sec buck, one of the perennial problems has been figuring out where to focus their secure coding and vulnerability remediation efforts. The scale of vulnerabilities that must be chased down in each application and the ...
Cybersecurity and Open Source Experts Up In Arms About the CRA

Provisions in the EU's proposed Cyber Resilience Act drew more fire from high-profile cybersecurity and open source technology advocates ...
Security Boulevard
Threat modeling and the supply chain: An essential tool for managing risk across the SDLC

As organizations seek better ways to establish secure-by-design software, threat modeling can play a huge role in anticipating, avoiding, and planning for potential risks in software across all phases of the software development lifecycle (SDLC) — design, development, testing, and post-deployment ...
Supply chain security: Is technical debt weighing your team down?

Rampant lapses in software supply chain security don't manifest suddenly. They build up over months and years, one out-of-date component, overly permissive account, or misconfigured API at a time. And over time, these gaps mount up, like bad credit card debt on the ledger of supply chain security ...