App sec is addicted to vulnerabilities: Why supply chain security requires evolution

As application security professionals and developers seek ways to both prevent new flaws and manage existing vulnerabilities in software, the problems of scale and limited time inevitably rear their heads. Whether it is rooting out vulnerabilities before shipping code, or remediating flaws already in production, there's rarely enough time to ... Read More
Less talk, more action: High hopes for CISA's C-SCRM software supply chain security office

The US Cybersecurity and Infrastructure Security Agency (CISA) is making moves in 2023 to put all of its recent policy and guidance work around software supply chain security into action. Earlier this month, the agency announced a risk management office that is meant to help operationalize a lot of the ... Read More
8 CI/CD best practices: Secure your software development pipeline

Don't neutralize CI/CD business gains by failing to account for risk. Here are best practices to ensure your software development pipeline is secure. As the adoption of continuous integration/continuous delivery (CI/CD) approaches to software development keeps snowballing, the benefits are stacking up for many organizations. CI/CD helps organizations deploy software ... Read More
Securing your CI/CD Pipeline from Code to Deployment

8 CI/CD security best practices: Protect your software pipeline

With CI/CD approaches to software development spreading ever more widely, the benefits are stacking up for many organizations. A recent study by the Continuous Delivery Foundation (CDF) shows that developers who use continuous integration/continuous delivery (CI/CD) tools are more than twice as likely to be top performers in restoring service ... Read More
OWASP at a crossroads: Founder Mark Curphey's call for relevance in the age of DevSecOps

Dev & DevSecOps
After two decades of raising awareness about the big problems in application security, the Open Web Application Security Project (OWASP) stands at a crossroads. So warns OWASP's founder Mark Curphey, who believes that if the OWASP Foundation continues to do business as usual, it risks dissipating into irrelevancy in the ... Read More

6 Signs DevSecOps Maturity Has a Long Way to Go

Only 20% of organizations believe they've reached full DevSecOps maturity. Nine in 10 DevOps organizations have experienced a security incident in their Kubernetes and cloud environments. Approximately 60% of developers say they get little to no secure coding training ... Read More

Is Your Org Supporting Employee Cybersecurity Skills Growth?

65% of IT and security managers say the cybersecurity skills gap has negatively impacted their team's performance. Cost and lack of time are cited as the biggest impediments for security pros to improve their skills. Most organizations had declining, stagnant, or non-existent security training budgets ... Read More