Dev & DevSecOps
TPSRM: What It Is — And Why It Matters
Third-party risk management (TPRM) is a well-established pillar of enterprise security programs. Its focus is on evaluating vendors for financial health, operational resilience, and compliance. As digital ecosystems expanded, so did the ...
Accelerate PQC Migration: How to Leverage CBOMs for Cryptographic Asset Discovery
As quantum computing threatens to undermine today’s cryptographic standards, organizations must move quickly to achieve crypto-agility and secure their software supply chains. This blog post explores how a Cryptography Bill of Materials ...
The state of DevSecOps: Why upgrading your AppSec tooling is essential
DevSecOps started getting written and talked about a decade ago, and today many companies are paying attention to the best-practices recommendations put forth in the press and conferences. In fact, a report ...
CI/CD pipelines and the cloud: Are your development secrets at risk?
Continuous integration/continuous delivery (CI/CD) is widely embraced by developers because of its ability to deliver code changes more frequently and reliably. Unfortunately, it can deliver those code changes insecurely. When coupled with ...
Memory-safe languages and security by design: Key insights, lessons learned
For more than 50 years, software engineers have struggled with memory vulnerabilities, but it has only been in recent times that serious efforts have been undertaken to get a handle on the ...
NIST updates supply chain guidance: 3 ways to pump up your CI/CD security
The final version of guidelines to help organizations secure their software supply chain has been released by the National Institute of Standards and Technology (NIST). The document, "Strategies for the Integration of ...
Are AI development tools exposing your organization? 4 key considerations
Microsoft's soon-to-be-released GitHub Copilot Enterprise option will give organizations an enterprise-grade subscription plan for its AI-powered code-completion tool, which helps developers write code faster ...
The state of container security: 5 key steps to locking down your releases
Container technologies are rapidly transforming application development and deployment practices at many organizations. But they also present a minefield of security risks for the growing number of organizations using the technology to ...
Rust on Android goes bare metal: 3 key mobile security benefits
A milestone in the software industry's move toward safer programming languages was reached last week with Google's announcement that it is extending the use of Rust into bare-metal Android environments ...
The evolution of app sec: Getting off the scan-and-fix hamster wheel remains elusive
Over the last 20 years, cybersecurity has changed a lot, but one thing has remained resistant to change: scanning resources for defects and fixing them. Now may be the time to hop ...

