Tag Archives: application security

AppSec / DevOps Survey: 63% Concerned with Open Source


February 5, 2014 By
Derek Weeks
Devops Appsec

A sneak peek at interim results from the “Developers and Application Security: Who is Responsible?” 2014 survey are in, and there’s still time for you to participate. Here’s a little something for you to think about. Once upon a time, we used to develop our own software. But these days, we are developing 90% of […]

Continue reading...

Should DevOps Account for Continuous Trust of Production Applications?


January 9, 2014 By
Jessica Dodson
devops

To find previous blogs in this DevOps series, read: Part 1 – Agile, Component Development & DevOps – A Natural Match Part 2 – DevOps Success is Contingent on Shifting Left  Part 3 – DevOps Requires an Optimized Application Development Tool Chain Part 4 – Component Capable Release Management is Key to DevOps Part 5 […]

Continue reading...

Who Really Wrote Healthcare.gov?


December 23, 2013 By
Wayne Jackson
Healthcare.gov

Opening a Dialogue About Supply Chain Risk Management in a World Powered by Open Source Software. As Marc Andreessen famously observed, “software is eating the world”. The proliferation of software is, indeed, transformational – it is everywhere, in laptops, of course, but also in cars, planes, phones, pacemakers, insulin pumps, refrigerators, thermostats, you name it. […]

Continue reading...

Move Left and Be More Secure


September 16, 2013 By
Jessica Dodson

Author Attribution: This post was written by a guest blogger: Mark Miller, Founder and Curator of Trusted Software Alliance. In a “50-in-50” interview on the Trusted Software Alliance site, Gary McGraw talked about the concept of ‘moving left’, or ‘shifting left’ when it comes to application security in the software life cycle. Traditional development leaves […]

Continue reading...

Application security needs to be redefined to stay relevant


July 26, 2013 By
Derek Weeks

Ok, so maybe it’s not the definition that’s the problem. Maybe it’s the fact that most people think of DAST and SAST when it comes to application security.  And when most developers are faced with DAST and SAST, they run for cover. Or maybe it’s the fact that most security practices are primarily focused on […]

Continue reading...

Do you trust your software supplier? Questions to ask yourself – and them!


July 24, 2013 By
Jessica Dodson

Ever since I attended the recent Gartner Security & Risk Management Summit, I’ve found myself thinking a lot about if “you can trust your software supplier”. My colleague wrote about this a bit in a Gartner recap blog and our CEO co-presented on this topic with Curtis Yanko as part of a solution provider session. […]

Continue reading...

Good Hygiene Should be a Foundation of Application Security


June 19, 2013 By
Ryan Berg

Over the past week, there have been several articles, blog posts and security institutes about the latest release of the OWASP Top 10. Now is the right time to join the discussion. All this chatter doesn’t come as a surprise to me or others that have been long time participants in the application security space. […]

Continue reading...

Application Security, Not so Black & White


May 8, 2013 By
Ryan Berg

I’m glad to see that Simon Phipps, independent open source consultant and a director of the Open Source Initiative, promote the need to manage components effectively. In his recent InfoWorld article he notes: “Cyber security is on the national political agenda, but do we really understand what it takes to be secure? Now that enterprise […]

Continue reading...