The "shift left" movement puts "unrealistic" expectations on developers, said Gayatri Prakash, vice president and general manager of compliance at CloudBees. She said installing new tools to manage various parts of the SDLC is not necessarily "going to solve our problem for security."
Organizations have long been using software from open-source ecosystems without fully realizing how much software they actually pull from these libraries, but the potential downstream effects of security flaws could have a major impact, said Pete Morgan, co-founder and CSO at Phylum.
Developers want to move quickly and they want security to be "a natural part" in every step of the software development life cycle. Generative AI can play a pervasive role in helping cybersecurity keep up the pace, according to Brian Roche, chief product officer at Veracode.
In today's development environment, securing web applications is crucial. Traditional application security testing techniques like DAST can be inaccurate and generate many false positives. Interactive Application Security Testing (IAST) offers a more advanced and accurate approach to testing application...
Snyk has executed its third round of layoffs since June 2022, axing 128 workers amid projections of challenging market conditions persisting into early 2024. The Boston-based application security vendor revealed Thursday plans to reduce its more than 1,200-person staff by an estimated 11%.
Supply chain attacks have evolved from exploiting organizations with unpatched vulnerabilities in open-source libraries to proactively injecting malicious code into a victim's IT environment, according to Janet Worthington, senior analyst at Forrester.
For the first time in its 17-year history, application security vendor Checkmarx will have a new leader. The company has tapped Sandeep Johri, the longtime chief executive at software testing vendor Tricentis, to serve as its new CEO less than two years after being acquired by Hellman & Friedman.
Security practitioners are putting cognitive psychology and customer experience at the forefront of new product development in a push for usability, says Trusona's Kevin Goldman. Getting user experience designers familiar with products allows them to speak meaningfully with the security team.
In early 2020, an ambitious group of developers assembled to tackle the biggest cybersecurity challenge they had ever encountered – securing the software supply chain. They founded Phylum and got to work. Fast forward to today: it’s been about a year since Phylum launched its software supply chain security...
CircleCI, which is used by over 1 million developers to build, test and deploy software, has issued a brief security alert warning all customers to immediately "rotate any secrets stored in CircleCI" as it continues to probe a suspected two-week intrusion.
Software supply chain security (SCS) is rapidly gaining unwelcome notoriety as high-impact breaches hit the headlines.
Learn how bad actors have weaponized open source principles and why SBOM is just a baseline.
Download the whitepaper to learn more on
Strategies that go beyond SBOM;
How and why a...
the conventional AppSec focus on identifying and fixing exploitable vulnerabilities in code is not enough. The software supply chain is being weaponized at an alarming rate and businesses must adapt their AppSec strategy in response.
This white paper explores why software supply chain security is more important than...
To detect potentially exploitable security vulnerabilities, organizations that create software tend to use solutions such as static, dynamic, and interactive application security testing (AST), to scan their source code.
While such solutions are effective at what they are designed for (scanning proprietary code),...
As the pace of software development increases along with cloud migration to support it, organizations must take a new approach to security. DevSecOps—integrating security processes into the DevOps pipeline—can help organizations rapidly deliver secure and compliant application changes while running operations...
Palo Alto Networks will make its first major acquisition in nearly two years, scooping up application security startup Cider Security for $250 million. The Silicon Valley-based platform security behemoth will fork over $194.6 million of cash as well as $55.4 million of replacement equity for Cider.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing cuinfosecurity.com, you agree to our use of cookies.
