
Introducing IaC Security from Black Duck
The news is just in, and it’s big: Black Duck now offers IaC scanning functionality. With no additional licenses required, this capability is available immediately for all existing Black Duck customers. Let’s dig into exactly what this means for you, how it helps your existing security efforts, and what you can expect in the months …

Build a holistic AppSec program
What does it mean to build a holistic AppSec program? Learn what’s involved in a holistic approach and how to get started. Digital technology is the centerpiece of modern life today. All around us, technology is transforming business operations from end-to-end, from digital-first businesses to those simply updating existing processes. According to Gartner, 65% of executives …

2022 OSSRA discovers 88% of organizations still behind in keeping open source updated
Open source is everywhere, as is the need to properly manage it. Get the latest open source trends from the 2022 OSSRA report. It’s the time of the year when Spring is springing, and we release the annual Synopsys Open Source Security and Risk (OSSRA) report, with the 7th edition of OSSRA out this week. This year’s …

What is the maturity level of your AppSec program?
Using the Forrester assessment, you can measure the maturity of your AppSec program to help identify areas for improvement. Any organization that wants to secure its software should make maturity of its AppSec program its holy grail. Maturity means making security the first thought, not an afterthought. It means embedding security into software throughout the …
Continue reading “What is the maturity level of your AppSec program?”

AppSec Decoded: Building security into DevSecOps
Our experts discuss the changes organizations are making to their processes and AST tool management to achieve more effective DevSecOps. Application security testing is evolving to meet the speed at which DevOps teams operate. Processes and tools are more fast-paced and rely on integration and automation to maintain efficiency throughout the software development life cycle (SDLC). But …
Continue reading “AppSec Decoded: Building security into DevSecOps”

Integrations are Key to Success in DevSecOps for Embedded Development
The term DevSecOps is a contraction of developer, security and operations. Despite the buzzword hype, it does have positive implications for improving the quality, security and functional safety of embedded software applications. Many organizations have adopted DevOps over the past years and integrated their continuous integration and deployment processes. However, in many cases, security has …
Continue reading “Integrations are Key to Success in DevSecOps for Embedded Development”

What to Expect from DevOps This Year: The Experts Weigh In
Like the rest of the world, last year was a wild ride for those of us in DevOps. Will the craziness continue this year? I invited these industry analysts to join us and weigh in at this special edition of the Software Delivery Leadership Delivery Forum. 2020: A Year of Transformation COVID-19 dominated the headlines in …
Continue reading “What to Expect from DevOps This Year: The Experts Weigh In”

Cybersecurity Trends in Fintech
The year 2020 will go down in history as being a year of uncomfortable changes. Just about everyone was forced to approach aspects of personal and professional life differently, from buying groceries to conducting business to maintaining safe interactions with others. Fortunately, existing technology and service offerings allowed us to make adjustments and work through …

Continuous Verification, AKA Just Doing DevOps
There are several ironies about DevOps that can sometimes cause confusion or perhaps take attention away from what really matters. Take “Shift Security Left” for instance. Yes, it’s cheaper and safer to catch errors before they get into production and, yes, developers should take more responsibility for the quality and security of their code. No one …
Continue reading “Continuous Verification, AKA Just Doing DevOps”

Create a Web Application Security Blueprint
The best way to make web applications secure is to include security at every step along the development process, from requirements analysis, to design, to implementation and testing, and into maintenance and update phases. To that end, it’s wise to consider a kind of “security blueprint” as part and parcel of how you work through …
Continue reading “Create a Web Application Security Blueprint”