That was then, this is now… Modernizing AppSec in Fast-Paced Development Environments
You are the weakest link. Hello. Ninety-one percent of organizations experienced at least one software supply chain security incident in 2023. Chances are the other 9% are riding their luck: The average organization has nine high, critical or apocalyptic risks within their supply chain. At the heart of ...

How to Align Infosec to Business Operations: Sam Curry’s Cybersecurity Playbook for Executives
This cybersecurity playbook is inspired by Sam Curry’s insights on the crucial role of building relationships in cybersecurity to effect change in information security and the business. He recently shared his recommendations on the CyberOXtales Podcast, highlighting the significance of trust, alignment, and intimacy in fostering effective relationships within and outside ...

Managing Transitive Vulnerabilities
Transitive vulnerabilities are developers’ most hated type of security issue, and for good reason. It’s complicated enough to monitor for and fix direct vulnerabilities throughout the software development lifecycle (SDLC). When software is dependent on third-, fourth-, and Nth-party components (and most software is), the long tail of risk can seem ...

Effective Incident Response: A Cybersecurity Playbook for Executives
This cybersecurity playbook is inspired by David Cross’s insights on how best to handle a potential incident that could have been caused by what seemed to be a suspicious email sent to a marketing team. He recently shared his recommendations on the CyberOXtales Podcast, highlighting the importance of having a clear ...

Unpacking Log4j: A Cybersecurity Playbook for Executives
This cybersecurity playbook is inspired by Amy Chaney’s experience with a major cybersecurity event that rattled the industry not too long ago: the infamous Log4Shell vulnerability. She recently shared her firsthand account on the CyberOXtales Podcast of being in the thick of things at JPMorgan Chase during the crisis. From understanding ...

What to Consider When Choosing a Software Composition Analysis (SCA) Tool
Given the widespread use of third-party components in application development, identifying and remediating code vulnerabilities as early in development as possible is critical. As a result, many organizations turn to SCA tools; however, traditional ones often deliver superficial code analysis that floods developers with irrelevant or non-actionable alerts, including numerous ...