Industry Experts Provide Tips For Successful Cyber Diligence in M&A

Mergers and acquisitions can be successful growth strategies for many companies. They bring together customers, IP, and assets — but they also bring together liabilities and risk as well. Among these are cybersecurity risks. “Cyber diligence” — cybersecurity evaluations performed as part of the M&A decision-making processes — has grown ...

Ten Application Security Terms That Every Developer Should Know

A few months ago I gave a talk about securing microservices at the Boston Cloud Native Computing Meetup. After the presentation, a young developer (a recent college grad) came up to me and said, “Nice talk — I didn’t learn any of that at school.” I asked which parts were ...

How to Address PCI DSS Requirement 6.6 — A Two-For-One Solution From Threat Stack

The current version of the PCI DSS is 3.2.1, published in May 2018. Requirement 6 states that you must “Develop and maintain secure systems and applications.” Sure, no problem. That’s totally clear and straightforward — at least for anyone who’s never tried to develop and maintain secure systems and applications! ...

50 Valuable PCI Compliance Tips

The Payment Card Industry Data Security Standards (PCI DSS) provides a rigorous security framework and best practices for businesses that store, transmit, or process credit card information. The PCI DSS is a set of technical and operational requirements that govern modern payment processing. Businesses and organizations in the payments industry ...

Stretch Right With Threat Stack Application Security Monitoring

In our last post, we explored how Threat Stack’s Application Security Monitoring embeds security in development processes — without negatively impacting agility or speed of application development and deployment. Empowering developers to proactively address software risk is central to organizations that “stretch left” to build security into their entire software ...

Stretching Left With Threat Stack Application Security Monitoring

Developers have always been overworked. They face a constant flow of feature-focused work from the business and need to balance that with work involving performance, quality and reliability, and technical debt. While DevOps and highly automated CI/CD pipelines have made developers more productive by removing low-value non-development tasks, it has ...

Threat Stack Launches New Unified Application Security Monitoring Solution

Threat Stack’s Application Security Monitoring enables cloud security observability across the full stack & full lifecycle in a single solution.

Even when companies have a formal software security team, the ratio of security team members to developers is about 1 to 75. Web application attacks are the #1 cause ...

Defining the “Full Stack” in Full Stack Security Observability

Here at Threat Stack, we’ve been talking a lot about security observability recently (check out this article and whitepaper). When you design and monitor your systems for security observability, you reduce risk and minimize the likelihood and potential impact of a security breach. But in the same way that you’d ...

Beyond Checkboxes: 6 Cloud Security Measures All Healthcare Organizations Should Take

Modern healthcare is a full participant in the digital economy, and personal health information (PHI) is at its center. But today’s digital landscape is a volatile threat environment where sensitive personal data is a coveted commodity. Minimizing exposure, liability, and risk to PHI is a necessity with visibility all the ...

New PCI Standards for New Ways of Building Software

This post explains how the PCI Security Standards Council has introduced its new PCI Software Security Framework to align PCI with modern software development and deployment practices such as DevOps, microservices, and containers. The Payment Card Industry Data Security Standard (more commonly known as PCI DSS) has been a standard ...