Modern AppSec Tools Must Focus on Reducing Attackability, Not Chasing Bugs
Developers need findings with higher context, not additional findings, in order to make applications secure in today’s environment. For too long, application security vendors have been focused on finding vulnerabilities in the individual components of an application. Success for many appears to be measured by the quantity ...
Progress in Numbers: Our First Customer Report
Having spent 15 years detecting malware — viruses, intrusions, worms, nation-state attacks, etc. — I learned that much of security is reactive. We let the bad guy shoot first and then try to figure out how we are going to protect ourselves. Software vulnerabilities are one of the most important problems in security and ...
Welcome to the future of application security
Yesterday’s announcement of the acquisition of Semmle by GitHub (Microsoft) is a ringing endorsement of the need to move security to the left — “shift left”. It is a validation of the growing influence of software developers in the world, the importance of code analysis for securing software in modern DevOps ...
A New Approach to Application Security Testing
If the appsec industry were to develop a better AST solution from scratch, what would it look like? As software, aka applications, microservices, and workloads, increasingly moves into the cloud, its protection has become paramount. Recent research highlights this need, pointing to application vulnerabilities as the leading source of security breaches ...
Can Security be a Business Enabler?
Finding, prioritizing, and fixing vulnerabilities during Development and protecting the applications from attacks in Production is the security best practice. Yet, this is ineffective, resource intensive and exacerbated as organizations modernize their development practices. This blog provides the blueprint for a purpose-built approach to make our applications more secure. Let’s look at ...

