WhiteSource has renamed itself Mend as the company pushes beyond software composition analysis to become a broad application security platform with automated remediation. The name WhiteSource didn't have any negative connotations when the company was founded, but some people today find it offensive.
The Linux Foundation and the Open Source Security Foundation have put forth a nearly $150 million investment plan, spread across two years, to strengthen open-source security in the U.S. The plan was announced at the Open Source Software Security Summit II in Washington, D.C., on Thursday.
According to a recent survey conducted by Noname Security, 41% of organizations experienced an API security incident in the last 12 months and 63% of the incidents involved a data breach or data loss. Filip Verloy, technical evangelist, EMEA at Noname Security, says that “tighter integration of API
In light of research saying 41% of organizations had an API security incident in the last year and 63% of the incidents involved a data breach or loss, Filip Verloy of Noname Security discusses how tighter integration of API security testing and other "shift left" strategies can mitigate breaches.
When it comes to vulnerabilities, what you don’t know can hurt you. Just because a system doesn’t have any known vulnerabilities, it does not mean it is secure. There are almost infinite possibilities for input into a product, and any one of them might lead to an undiscovered security flaw. In this guide, we...
Global research: Security leaders’ priorities for cloud integrity, the talent gap and the most urgent attack vectors.
Exacerbated by the pressures of the pandemic, the rise of dangerous avenues of attack and a crisis of staff burnout, security teams are dealing with a lot:
78% of security and IT leaders say...
FedRAMP compliance for a software as a service (SaaS) vendor is challenging at scale. The only way to force multiply your security effort is to use cloud native technology. Datadog in particular has some unique concerns with regard to securing customer data. Join this session to learn exactly how they maintain...
You can see it in the headlines: Apps are a prominent vector for adversaries to get entry into organizations and access to the digital crown jewels.
Daniel Shugrue of Digital.ai tells why "shift left" means far more than just testing software for vulnerabilities.
In an interview with Information Security Media...
Jeff Williams, co-founder and CTO of Contrast Security, says people have a right to know if the products they use are secure. It's difficult to tell if software is secure, he says, so companies need incentives to build good security programs, improve their software and disclose any flaws they find.
Fresh from the Log4j mitigation sprint, enterprises now find themselves confronting cultural barriers between application development and security. Larry Maccherone of Contrast Security shares insight on how to tear down these walls and incentivize new behaviors.
In the midst of accelerated modernization, increased cybersecurity risks, and the new normal of hybrid work and learning environments, technology leaders in higher education have had to meet enormous challenges. As we enter the new year, what’s on their minds when it comes to issues of cybersecurity, hybrid...
"Mainframe" and "modernization" are not often used in the same sentence. But Eric Odell and Paul Allard of BMC Software share a mainframe DevOps strategy that can result in cost savings, automation efficiencies and reduced risk of mainframe defects.
Cloud migrations are just the beginning of the cloud journey. It takes much more to fully gain cloud's advantages, from refactoring to re-architecting applications. Traditional monitoring approaches aren't going to cut it, and this guide outlines an effective framework for managing the newfound operational complexity...
How industry leaders use data to be more secure, resilient and innovative.
forging the future
What do Nasdaq, McLaren, Slack, Domino’s and NewYork-Presbyterian Hospital have in common?
They — and more than 30 other leaders across industries — all use real-time insights from Splunk to drive outcomes,...