Are we sitting on major security vulnerabilities right now? How has security changed in the past 20 years? We interviewed Ilkka Turunen, Sonatype Field CTO, and Muzaffer Pasha, Security Evangelist at Traceable, about how to achieve better security in open source and in your organization.
Gartner has predicted more than 75 percent of global organizations will be running containerised applications in production by 2022. With so many more moving parts to look at, developers have to automate how they gather data on their infrastructure components, while security teams have to understand the new models for applications too.
Data privacy regulations are relatively new and not well understood within an organization. With that context, the way organizations should approach data privacy isn’t only about compliance with regulations; it’s also the right thing to do to build trust with their customers. How do you introduce privacy and trust as part of your culture?
While financial services organisations have historically been strong when it comes to employing application security testing tools, more can be done to accelerate efforts and make these continuous. So what specific steps can be taken by companies in this space to address security in the software they create for the remainder of 2021, and how will this benefit them long term?
Jeff Williams, CTO and Co-founder at Contrast Security, spoke to us about the newest State of Application Security in Financial Services Report. Read his insights on the importance of observability, how false positives affect security, and the best practices we should all take.
We spoke with Brendan O’Leary, Sr. Developer Evangelist at GitLab, about remote working, the rise in security confidence, testing best practices, Kubernetes implementation, and more. Read on to learn which open source tools Brendan O’Leary suggests.
As software has become the backbone of modern business, cyberattacks have become an ever-present threat, making application security a critical necessity to ensure business continuity. This article examines four commonly found software security development issues and how to address them.
For DevOps professionals, the security of applications and application programming interfaces (APIs) is an increasing concern for their organizations. Jeff Williams discusses how many common security issues in your software stack can be addressed with the use of instrumentation.
Kevin Bocek discussed security with us, including the impact of a successful software supply chain attack, what security best practices we should all follow, and the difference between human and machine identity. Kevin shares his knowledge from over 16 years of experience in IT security.
Securing sensitive data (called “secrets”) — such as passwords, machine credentials, and API keys — is not always simple to do manually, especially at an enterprise scale. This article explores the importance of secrets management, and how Puppet and HashiCorp Vault add an extra layer of protection as you continue to build out your cybersecurity strategy.
Contrast Security announced Contrast Scan, a new tool that will help teams improve their security by quickly finding and identifying vulnerabilities and insecure code. We spoke with Steve Wilson, Chief Product Officer at Contrast Security, about the release and security best practices.
Before 2011, certificate lifespans ran as long as a decade. In 2012, they were shortened to five years. In 2015, that became three years and in 2018, two years. As of September 2020, that became just one year. Certificate lifespans are likely to get even shorter down the line.
It’s been three years since the GDPR was enforced. Compliance with the EU data privacy regulation remains an ongoing challenge for organisations, as do rising cyber security expectations and threats. Industry experts in the technology and software space share their reflections.
As digital transformation efforts advance and cloud-native becomes more popular, the role of application security within cloud-native architectures needs to become a priority. So, when looking at how to best secure these complex, cloud-native applications, where should development teams start?