
CISA cybersecurity performance goals: 7 action items to boost your AppSec
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) recently released new guidance on its Secure by Design principles, outlining best practices that the IT sector should take to reduce the cyber-risks its products are exposing its customers to ... Read More

AI is a double-edged sword: Why you need new controls to manage risk
As with just about every part of business today, cybersecurity has been awash in the promises of what AI can do for its tools and processes. In fact, cybersecurity vendors have touted the power of algorithmic detection and response for years ... Read More

AppSec vs. product security: Secure by Design demands a strategy shift
For the Secure by Design initiative of the Cybersecurity and Infrastructure Security Agency (CISA) to really change the security landscape, the scope of traditional application security (AppSec) will need to expand considerably beyond shifting code testing left (earlier in the software development lifecycle). What is required is a more holistic ... Read More

Threat modeling and binary analysis: Supercharge your software risk strategy
One of the trickiest problems organizations face with securing their software supply chain is making risk decisions without really understanding where the biggest threats lie in their software, whether open source or commercial. Even with a full slate of application security testing (AST), without modernizing your approach with software supply chain ... Read More

‘Good, fast, cheap… Pick two’: Software quality dilemma forces risky decisions
One of the prevailing proverbs of application development is the truth about the so-called iron triangle — that when developing software you’ve got three options: good, fast, and cheap. But you can only pick two. Good can have varying definitions but for most it’s a solid stand-in for "quality," of ... Read More

Cybersecurity’s workforce woes are a myth: 5 ways to rethink recruiting
The threat landscape is more challenging than ever, and the cybersecurity workforce is dogged by overwork and burnout. No wonder there's a cybersecurity talent shortage. Or is there? ... Read More

Software complexity is a real problem — and your AppSec must factor that in
Achieving strong application security is hard even when AppSec and development teams are overseeing the simplest applications and the most streamlined application portfolios. But "simple" is relative. Most modern software products are complex, often weighing in at over 10GB, with thousands of components in them ... Read More

The state of DevSecOps: Why upgrading your AppSec tooling is essential
DevSecOps started getting written and talked about a decade ago, and today many companies are paying attention to the best-practices recommendations put forth in the press and conferences. In fact, a report released by GitLab earlier this year showed that, as of last year, a majority of companies — 56% ... Read More