Many organizations struggle to understand how to approach application security program maturity. Caitlin Johanson and Dan Cornell of Coalfire share why AppSec maturity is important and offer strategies for how enterprises can evaluate their AppSec maturity levels and build a robust response.
Noname Security has released its new API Security Trends Report and - no surprise - API usage has grown exponentially. The bad news: So have API attacks by opportunistic adversaries. Karl Mattson of Noname discusses the report and some new ways of approaching API security.
The U.S. OMB recently released its latest deliverable as part of President Biden's cybersecurity executive order. Former federal CISO Grant Schneider discusses this guidance and shares best practices for agencies and organizations to improve the security of their software supply chain.
Studying software engineering practices from 100,000 production applications and 4,000,000 open source component migrations, Sonatype uncovered eye-opening behaviors in modern software development, including a surprising trend that nearly 70% of dependency management decisions are suboptimal.
The focus on automation, tooling and reactive responses to cyber threats can no longer stand alone against an increasingly sophisticated threat landscape, where attackers are also employing advanced tools to successfully breach even the most protected networks and systems. What is needed is a human-led approach to...
While there are many solutions that claim to simplify certificate lifecycle management, not all of them are built to address the unique complexities of today’s expansive and distributed digital
When evaluating a certificate management solution, it is important to look for key capabilities that...
Acceleration to the cloud is affecting all industries as organizations take advantage of the flexibility, efficiencies and security benefits of being able to hyperscale their abilities to elastically spin up large-scale environments in seconds. But these new cloud-native and hybrid cloud environments, which use...
Secure Access Service Edge, or SASE, is no longer a buzzword tossed around by cybersecurity pundits but is a robust, cloud-based service model to enable secure anywhere, anytime access from any device.
In the "Are you SASE Ready? 5 Steps for Building Your SASE Roadmap" webcast, you will learn how to build a roadmap...
To help prevent and defend against emerging cyberthreats, CISOs must develop a multi-line defense strategy and invest in threat-hunting capabilities and orchestration, a panel of cybersecurity experts advises.
With the advent of CI/CD pipelines, supply chain attacks have become more prevalent – and as the recent SolarWinds breach has demonstrated, the impact of such breaches can be vast and rippling.
This eBook addresses questions raised by security leaders who want to better understand their organization’s...
The SolarWinds supply chain compromise has raised questions over how to detect software that has been tainted during the vendor's development and build process. A concept called verified reproducible builds could help, says David Wheeler of the Linux Foundation.
Open source software is created by talented software developers from around the world who donate their time and intelligence to create software and components, then provide those free of charge to anyone wishing to use them under the terms of their licenses (including the Beerware license).
The benefits open source...
While CISOs and CIOs have the unenviable position of taking the lion’s share of accountability for software security, especially in the event of an embarrassing company data breach, they are also afforded a unique opportunity of increasing relevance: they are the new innovators, and they can be highly influential...
To ensure data and services are protected against attack, DevOps is evolving to incorporate cybersecurity practices across the lifecycle. Organizations need to take into account the fast-moving nature of continuous innovation, and a rapidly evolving and fragmented threat landscape: otherwise security can get in the...