Cybersecurity’s workforce woes are a myth: 5 ways to rethink recruiting
The threat landscape is more challenging than ever, and the cybersecurity workforce is dogged by overwork and burnout. No wonder there's a cybersecurity talent shortage. Or is there? ...
Software complexity is a real problem — and your AppSec must factor that in
Achieving strong application security is hard even when AppSec and development teams are overseeing the simplest applications and the most streamlined application portfolios. But "simple" is relative. Most modern software products are complex, often weighing in at over 10GB, with thousands of components in them ...
The state of DevSecOps: Why upgrading your AppSec tooling is essential
DevSecOps started being written and talked about a decade ago, and today many companies are paying attention to the best-practice recommendations put forth in the press and at conferences. In fact, a report released by GitLab earlier this year showed that, as of last year, a majority of companies — 56% ...
Why shareable SBOMs are essential for software security
Software bills of materials (SBOMs) have long been seen as the technical foundation for opening up visibility into enterprise software supply chains. So far, the work has been focused on building the mechanisms for collecting and updating the software ingredients within SBOMs and organizing everything in a repeatable, standardized fashion ...
Where GenAI intersects with threat modeling: 3 key benefits for AppSec
As application security (AppSec) leaders seek to drive Security by Design initiatives in 2024, threat modeling is becoming more prevalent. In one recent study, 73% of companies said they threat model their software at least annually, and half said they do it for every release. And 74% ...
When GenAI and low-code collide: What could go wrong for AppSec?
If application security (AppSec) professionals thought the problems of code complexity, code bloat, and the poor state of software supply chain security (SSCS) were bad enough, they had better strap in. Things are about to get a heck of a lot worse with the cross-pollination of generative AI (GenAI) code ...
7 ways to put your code on a diet — and improve AppSec in the process
Application security (AppSec) struggles mightily with scale. Applications must be protected, dependencies tracked, and vulnerabilities prioritized — it can be dizzying to keep tabs on it all. And most overwhelming of all is the sheer weight of the typical enterprise codebase ...
4 ways hero culture is killing your security program’s effectiveness
Who doesn't love a good hero? In the movies, when the hero swoops in and averts disaster, they receive copious accolades, everyone's satisfied, and the credits roll. In the sequels, new disaster scenarios that no one planned for unfold, but the hero is as fresh and ready as ever to ...
The evolution of AppSec: 4 key changes required for a new era
Software development continues to advance swiftly and to entail ever more complex dependencies, with continuous integration/continuous delivery (CI/CD) bringing faster code releases. Meanwhile, application security (AppSec) practices and tooling are struggling to keep up ...
Developers behaving badly: Why holistic AppSec is key
A recent survey shows that untested software releases, rampant pushing of unvetted and uncontrolled AI-derived code, and poor developer security practices are combining to seriously expand security risk across software development. Add in the explosion of low-code/no-code development and economic headwinds that are pressuring developers to deliver features with less ...