Applications are becoming the primary security threat vector. Since applications are constructed from 3rd party components, there continues to be a tremendous amount of industry effort and impetus behind managing open source components effectively. And now we can add the Financial Services / Information Sharing and Analysis Center (FS-ISAC) to the list.
We continue to see exponential growth in requests from the Central Repository. In fact, there were 8 Billion requests in 2012 – and it is looking like this year will total up to 13 Billion requests.Given these trends, the time seemed right for a series of blog posts that address recent activity in the area of open source governance and security
Well there is nothing like an updated specification that drives action or interest in a topic. We’re seeing that with the introduction of PCI 3.0. While there are several key updates to the specification, the one I find most interesting reflects the reality of how applications are constructed today – from components. It’s great to [...]
The (ISC)2 Global Information Workforce Study CXO Report was recently released. The report found some interesting and troubling data on application security. While security executives noted that application vulnerabilities were their top concern, this did not translate into how their security team invested their time – in fact, focusing on software development was at the [...]
Intro – Part 2 of Component Management Strategy and DevOps – Part 3 Up Next Ok, I’ll admit it. It’s another cliche. It’s really not a new concept at all – security experts have been talking about designing security in from the start for decades. So what’s different? Well, first of [...]