Stephen Gates

Blog – Checkmarx

Most security and risk (S&R) professionals in our industry have heard of Top 10 Lists. For example, OWASP and their community of contributors have expanded their Top 10 security projects to include Mobile Apps, APIs, IoT, Serverless, Containers, Blockchain, etc. In fact, there are a large number of OWASP Projects ... Read More

This past March, the National Institute of Standards and Technology (NIST) released the NIST Special Publication 800-53, Revision 5, which was their final public draft revision. According to the abstract, “This publication provides a catalog of security and privacy controls for federal information systems and organizations to protect organizational operations ... Read More

“I think Node (.js) is not the best system to build a massive server web. I would use Go for that. And honestly, that’s the reason why I left Node. It was the realization that: oh, actually, this is not the best server-side system ever.” (HS, 2017) This quote is ... Read More

When beginning to utilize any new programming language, a frequent obstacle developers face is the sheer lack of secure coding education and training about common pitfalls and coding errors during the language-learning process. The subject of security is often neglected by many articles pertaining to a new language, or security ... Read More

The automotive industry is experiencing radical change—and software is the catalyst. Progressively more software, increasingly intelligent components, and new methods of interaction are finding their way into automobiles of all sizes and price. Software empowering the latest features has become a critical differentiator in this industry, beyond improving road safety, ... Read More

Most organizations who are in the process of transitioning to DevOps understand that this new software development methodology is really about a change of corporate mindset, improvements to internal practices, and the usage of development tools that increase an organization’s ability to deliver software at higher rates. DevOps enables organizations ... Read More

Recently, I had an opportunity to sit down with Kurt Risley and ask him about his experiences and observations when working with organizations who desire to develop a comprehensive AppSec Awareness Program. The Q&A is as follows: Stephen: Since our world relies heavily on software, today more than ever before, ... Read More

Although software is significantly changing our work, home, and personal lives, many don’t realize that today’s software is made up of numerous ingredients. Some of the software we use daily contains pieces of custom code that’s developed internally by an organization, while other pieces of code come from community-driven open ... Read More

As the world duly salutes our front-line medical professionals, first responders, military and police, factory workers, delivery drivers, construction teams, repair technicians, store clerks, farmers, truckers, pharmacists, cooks, and millions of other people who continue to put themselves front and center of today’s conditions brought on by COVID-19, we cannot ... Read More

In an industry full of acronyms and buzz words, the term “shift left” surfaced as a result of organizations waiting to perform software security testing until the end of the development process. The problem here is that the industry still tends to think of developing, testing, and delivering software as ... Read More