Where GenAI intersects with threat modeling: 3 key benefits for AppSec
As application security (AppSec) security leaders seek to drive Security by Design initiatives in 2024, threat modeling is becoming more prevalent. In one recent study, 73% of companies said they do threat modeling of their software at least annually, and half said they do it for every release. And 74% ... Read More
When GenAI and low-code collide: What could go wrong for AppSec?
If application security (AppSec) professionals thought the problems of code complexity, code bloat, and the poor state of software supply chain security (SSCS) were bad enough, they had better strap in. Things are about to get a heck of a lot worse with the cross-pollination of generative AI (GenAI) code ... Read More
7 ways to put your code on a diet — and improve AppSec in the process
Application security (AppSec) struggles mightily with scale. Applications must be protected, dependencies tracked, and vulnerabilities prioritized — it can be dizzying to keep tabs on it all. And most overwhelming of all is the sheer gravity of the typical enterprise codebase ... Read More
4 ways hero culture is killing your security program’s effectiveness
Who doesn't love a good hero? In the movies, when the hero swoops in and averts disaster, they receive copious accolades, everyone's satisfied, and the credits roll. In the sequels, new disaster scenarios that no one planned for unfold, but the hero is as fresh and ready as ever to ... Read More
The evolution of AppSec: 4 key changes required for a new era
Software development continues to swiftly advance and also to entail more complex dependencies, with continuous integration/continuous development (CI/CD) bringing faster code releases. Meanwhile, application security (AppSec) is struggling to keep up with its practices and tooling ... Read More
Developers behaving badly: Why holistic AppSec is key
A recent survey shows that untested software releases, rampant pushing of unvetted and uncontrolled AI-derived code, and bad developer security are all culminating to seriously expand security risks across software development. Add in the explosion of low-code/no-code development and economic headwinds that are pressuring developers to deliver features with less ... Read More
How legacy AppSec is holding back Secure by Design
After years of headline-popping software supply chain–related breaches — think SolarWinds, Log4j, 3CX, and MOVEit — software security advocates agree that organizations have to change the way they tackle application security (AppSec) ... Read More
App sec prioritization is priority No. 1 for CISOs
As application security and DevSecOps teams try to get the most bang for their app sec buck, one of the perennial problems has been figuring out where to focus their secure coding and vulnerability remediation efforts. The scale of vulnerabilities that must be chased down in each application and the ... Read More
Cybersecurity and Open Source Experts Up In Arms About the CRA
Provisions in the EU's proposed Cyber Resilience Act drew more fire from high-profile cybersecurity and open source technology advocates ... Read More
Threat modeling and the supply chain: An essential tool for managing risk across the SDLC
As organizations seek better ways to establish secure-by-design software, threat modeling can play a huge role in anticipating, avoiding, and planning for potential risks in software across all phases of the software development lifecycle (SDLC) — design, development, testing, and post-deployment. ... Read More
