AppSec
973 MCP Packages, 71% Single-Maintainer: A Practitioner’s Guide to AI Developer Security
At a Glance: AI security tooling adoption lags behind AI coding tool adoption by an order of magnitude. Download ratios: 10:1 on PyPI, 28:1 on npm. AI-generated code ships vulnerable at baseline. 45% failure ...
Agentic AppSec: closing the remediation gap and automating application security
Application security has spent a decade getting brilliant at half of its job. This is about automating the other half – starting with the fix, and not stopping there ...
The Government Just Made Our Case: Stop Fixing Everything, Fix What Matters.
CISA made risk-based prioritization federal policy. That’s the problem we’ve been working on for years ...
Survey: Organizations Take Too Long to Fix Application Vulnerabilities
A global survey of 902 IT and security professionals finds 80% of respondents work for organizations that have been impacted by an application security incident in the last 12 months, with 36% ...
Mobile Application Security: What Every Organization Needs to Know
Mobile apps are now deeply connected platforms for identities, payments, sessions, APIs, healthcare, retail, gaming, and cloud services. In this special episode, Tom Eston talks with Joel Destefano, Senior Product Manager at ...
AppSec Tools Explained: SAST vs SCA vs DAST | Sonatype
Application security (AppSec) tools are essential for identifying and fixing vulnerabilities throughout the software development lifecycle. As modern applications increasingly rely on open source components, choosing the right combination of tools becomes ...

