
Reachability and Risk: Tools for Security Leaders
By Malcolm Harkins, Bryan Smith, Rob Lundy
Attacker Reachability (or “Attackability”) is a concept in open source software vulnerability management. It’s a way to understand whether 1) a vulnerability is present, and 2) an attacker can actually get to it. It is impossible to manage security posture without considering two key factors in any ...

Okta’s Breach Highlights Risk of Putting Crown Jewels in the Cloud
By Arun Balakrishnan, Sr. Director Product Management
Identity credentials and source code are critical assets that can create major risks for your organization when exposed by breaches of third-party cloud service companies that provide identity management and software composition analysis. Know the risks of pushing your crown ...

Importance of Securing Software with a Zero Trust Mindset
By Shinesa Cambric, Microsoft
This article is part of a series showcasing learnings from the Secure Software Summit.
With the increase of supply chain attacks on everything from logging software like Log4j to takeovers of important JavaScript packages to compromises of network utility tools like SolarWinds, more and more ...

Secure Software Summit: The State of OSS Supply Chain Security
By Dan Lorenc, Chainguard
This article is part of a series showcasing learnings from the Secure Software Summit.
The Open Source Software (OSS) Supply Chain is under attack. As evidenced by the recent Log4Shell vulnerability, the OSS supply chain is increasingly a focus for attackers seeking to ...

Secure Software Summit Series: Focus on Preventative Readiness
By Chetan Conikee
This article is part of a series showcasing learnings from the Secure Software Summit.
The connected world economy and the COVID-19 pandemic forced companies to accelerate digital transformation. Sophisticated cybercriminals have seized this forced acceleration to lay the groundwork for cyberwarfare. In reaction to recent attacks ranging ...

Secure Software Summit Findings
Shifting Security Left is a Work In Progress
What are the biggest concerns on the minds of application security and developers?
As part of the inaugural Secure Software Summit event, ShiftLeft polled conference participants on a wide range of topics related to application security, supply chain security, and the current cybersecurity threat environment ...

Malware Evolves to Present New Threats to Developers
Malware, or code written for malicious purposes, is evolving.
Software developers face new threats from malicious code as their tools and processes have proven to be an effective and lucrative threat vector. Traditionally, software developers have protected themselves from malicious code like everyone else — by securing their devices, ...

Best Practices for Application Security in the Cloud
An overview of threats and best practices in all stages of software development in the cloud.
The future of application security is in the cloud. Software development and application deployment continue to move from on-premise to various types of cloud environments. While the basics of application security (AppSec) ...

The Complete Guide to Securing Your Software Development Lifecycle
How to improve the security of your application with strong DevSecOps
The unfortunate reality is this: application security is in an abysmal state. Industry research reveals that 80% of tested web apps contain at least one bug. This rampant software insecurity proves devastating to the 60% of ...

Secure Software Summit 2022
Join us for a day on the latest methods and breakthroughs in secure coding and deployment practices
We are very excited about the upcoming inaugural Secure Software Summit, which brings together leading innovators and practitioners of secure software development on January 27, 2022. This is an event designed for all who ...