Sladjana Jovanovic and Bill McArthur Move Silos to Communities [VIDEO]

By Mark Miller on March 19, 2020 AppSec

2 minute read time

When we break down the barriers to communication and collaboration, we thrive as humans and as organizations. Sladjana Jovanovic shares her experiences.
Read More...

Larry Maccherone Says Pixie Dust Security is an Epic Failure [VIDEO]

By Mark Miller on February 18, 2020 AppSec

1 minute read time

A fundamental DevSecOps failure, according to Comcast's Larry Maccherone, is believing that a sprinkle of pixie dust makes a completed application secure.
Read More...

What Does the New CVSS 3.1 Scoring Model Mean for Enterprise Security?

By Ax Sharma on February 17, 2020 vulnerabilities

3 minute read time

Learn how CVSS 3.1 is different from earlier versions and why changes to this security rating matters.
Read More...

The “Big Hack” That Actually Happened - Chinese Military Implicated in Equifax Breach

By Matt Howard on February 11, 2020 vulnerabilities

3 minute read time

Members of the Chinese Military were implicated in the attack on Equifax's software supply chain. It's time to take software supply chain hygiene seriously.
Read More...

Why Does Security Matter For DevOps?

By Derek Weeks on October 01, 2019 security

4 minute read time

Caroline Wong (@CarolineWMWong) explains why organizations that use DevOps are 2X more likely to succeed than peers.
Read More...

A More Secure Web Needs Developers, Defenders, Advocates, and OSS

By Katie McCaskey on September 13, 2019 security

2 minute read time

The largest gathering of Infosec professionals met in Washington, D.C. to discuss the future of web security. Open source software is at the core of it.
Read More...

DevSecOps & Chaos Engineering: Knowing the Unknown

By Derek Weeks on September 04, 2019 software testing

2 minute read time

Aaron Rinehart (@aaronrinehart) dives into chaos engineering: what it is, why you need it, and how you can implement it in your organization.
Read More...

Building Microservice Architecture on Kubernetes

By Derek Weeks on August 22, 2019 open source goveranance

2 minute read time

Namespace-level isolation is helpful for managing Kubernetes architecture. Also, do not put all things in the default namespace. Keep it simple.
Read More...

Better, Faster, Stronger: Nexus Lifecycle's Improved JIRA Add-on Gives Developers and AppSec Something to High-Five About

By Michelle Dufty on August 14, 2019 JIRA

1 minute read time

Nexus Lifecycle's new JIRA add-on with violation reporting eliminates the admin overhead of managing fixes. Component fixes are assigned and tracked with one-click.
Read More...