The evolution of AppSec: 4 key changes required for a new era

Software development continues to swiftly advance and also to entail more complex dependencies, with continuous integration/continuous development (CI/CD) bringing faster code releases. Meanwhile, application security (AppSec) is struggling to keep up with its practices and tooling ...
Developers behaving badly: Why holistic AppSec is key

A recent survey shows that untested software releases, rampant pushing of unvetted and uncontrolled AI-derived code, and bad developer security are all culminating to seriously expand security risks across software development. Add in the explosion of low-code/no-code development and economic headwinds that are pressuring developers to deliver features with less ...
How legacy AppSec is holding back Secure by Design

After years of headline-popping software supply chain–related breaches — think SolarWinds, Log4j, 3CX, and MOVEit — software security advocates agree that organizations have to change the way they tackle application security (AppSec) ...
App sec prioritization is priority No. 1 for CISOs

As application security and DevSecOps teams try to get the most bang for their app sec buck, one of the perennial problems has been figuring out where to focus their secure coding and vulnerability remediation efforts. The scale of vulnerabilities that must be chased down in each application and the ...
Cybersecurity and Open Source Experts Up In Arms About the CRA

Provisions in the EU's proposed Cyber Resilience Act drew more fire from high-profile cybersecurity and open source technology advocates ...
Security Boulevard
Threat modeling and the supply chain: An essential tool for managing risk across the SDLC

As organizations seek better ways to establish secure-by-design software, threat modeling can play a huge role in anticipating, avoiding, and planning for potential risks in software across all phases of the software development lifecycle (SDLC) — design, development, testing, and post-deployment ...
Supply chain security: Is technical debt weighing your team down?

Rampant lapses in software supply chain security don't manifest suddenly. They build up over months and years, one out-of-date component, overly permissive account, or misconfigured API at a time. And over time, these gaps mount up, like bad credit card debt on the ledger of supply chain security ...
Risk modeling initiative aims to expose the 'hiddenness of knowledge' in the supply chain

As Google's collaborative project known as the Graph for Understanding Artifact Composition (GUAC) starts to gain steam, the firm is bolstering its investment in dependency mapping by supporting a new project on top of GUAC that is geared toward risk modeling ...
AI and the software supply chain: Application security just got a whole lot more complicated

As artificial intelligence (AI) captivates the hearts and minds of business and technology executives eager to generate rapid gains from generative AI, security leaders are scrambling. Seemingly overnight, they're being called to assess a whole new set of risks from a technology that is in its infancy ...
5 reasons why cyber attackers love developers

When security leaders ask developers to take a security-first mindset, it usually takes the form of how they code or set up related application infrastructure. But developers are becoming a conduit for cybercriminal attacks in far more than the traditional application security arenas ...