Two AppSec Questions Always Asked

4 minute read time

While Repository Health Checks are valuable, we just released something even better: the CLM 1.11 Dashboard. First of all, it helps you answer the first two critical open source vulnerability


Trusting Third-Party Code That Can't Be Trusted

2 minute read time

Paul Roberts (@paulfroberts) at InfoWorld recently shared his perspective on “5 big security mistakes coders make”. First on his list was trusting third-party code that can’t be trusted. Paul shares:


Part 3: The Internet of Everything: Code, Cars, and More

3 minute read time

In part two of my blog 'A Closer Look at Today's Software Supply Chain', I discussed why human-speed supply chain management can’t keep pace with today’s agile software development practices and why


Stewing Over Software Ingredients

3 minute read time

Just the other day I was planning dinner for my family and thought it would be a great idea to bust out the Dutch oven I had to have, but rarely use, and make a nice stew. I ran to the grocery store


Cheeseburger Risk: Not for the Faint of Heart

3 minute read time

If you had a heart attack, would you stop eating cheeseburgers? For most people, the answer is “No”. A recent survey of 1,000 survivors found that 60 percent of heart attack victims weren't sticking


Are OpenId and OAuth ‘Bleeding’?

By Ryan Berg on May 07, 2014 openid

4 minute read time

Now that Heartbleed has become the new measuring stick for vulnerability disclosures, I have had several people ask me, “Is this OpenId/Oauth thing the next Heartbleed?” The long answer, as Run DMC


Like a Good Holiday, the Verizon Breach Report is Here

By Ryan Berg on May 02, 2014 Sonatype Says

5 minute read time

Like a good holiday the Verizon 2014 Data Breach Investigation Report (DBIR) is something I look forward to every year. Now that I’ve had some office time to digest this, I figured no better time to


Do you trust your software supplier? Questions to ask yourself - and them!

1 minute read time


Good Hygiene Should be a Foundation of Application Security

By Ryan Berg on June 19, 2013 OWASP

3 minute read time
