WhiteSource has renamed itself Mend as the company pushes beyond software composition analysis to become a broad application security platform with automated remediation. The name WhiteSource didn't have any negative connotations when the company was founded, but some people today find it offensive.
Many organizations struggle to understand how to approach application security program maturity. Caitlin Johanson and Dan Cornell of Coalfire share why AppSec maturity is important and offer strategies for how enterprises can evaluate their AppSec maturity levels and build a robust response.
Noname Security has released its new API Security Trends Report and - no surprise - API usage has grown exponentially. The bad news: So have API attacks by opportunistic adversaries. Karl Mattson of Noname discusses the report and some new ways of approaching API security.
The U.S. OMB recently released its latest deliverable as part of President Biden's cybersecurity executive order. Former federal CISO Grant Schneider discusses this guidance and shares best practices for agencies and organizations to improve the security of their software supply chain.
Studying software engineering practices from 100,000 production applications and 4,000,000 open source component migrations, Sonatype uncovered eye-opening behaviors in modern software development, including a surprising trend that nearly 70% of dependency management decisions are suboptimal.
With API abuses expected to become the top threat vector in 2022, continued neglect can only mean yet more
This white paper shows the importance of including APIs in web application security testing and outlines a modern approach to vulnerability testing that covers the entire attack...
Organizations are forced to prioritize security efforts. This leads to risky tradeoffs, like only focusing on part of the attack surface. And a lot of organizations have adopted security models such as shifting left, at the risk of having an incomplete strategy. Efforts to staff up, prioritize resources, and situate...
The focus on automation, tooling and reactive responses to cyber threats can no longer stand alone against an increasingly sophisticated threat landscape, where attackers are also employing advanced tools to successfully breach even the most protected networks and systems. What is needed is a human-led approach to...
While there are many solutions that claim to simplify certificate lifecycle management, not all of
them are built to address the unique complexities of today’s expansive and distributed digital
When evaluating a certificate management solution, it is important to look for
key capabilities that...
Acceleration to the cloud is affecting all
industries as organizations take advantage of
the flexibility, efficiencies and security benefits
of being able to hyperscale their abilities to
elastically spin up large-scale environments in
seconds. But these new cloud-native and hybrid
cloud environments, which use...
Many organizations are still figuring out how they want to adopt and use infrastructure as code in their organizations. Most IaC users desire to move and deploy faster, with repeatability and automation as key drivers in that goal. Security is also important, with a desire to enforce strong configuration standards and...
For most knowledge workers around the world, commuting to an office has become a thing of the past.
Even before the COVID-19 global pandemic, the remote workforce's percentage had been trending up due
to the combination of globalization, cloud transformation, convenience, and new progressive work policies.
Secured Access Service Edge, or SASE, is no longer a buzzword tossed around by cybersecurity pundits but is a robust, cloud-based service model to enable secure anywhere, anytime access from any device.
In the Are you SASE Ready? 5 Steps for Building Your SASE Roadmap webcast, you will learn how to build a roadmap...
To help prevent and defend against emerging cyberthreats, CISOs must develop a multi-line defense strategy and invest in threat-hunting capabilities and orchestration, a panel of cybersecurity experts advises.