What Constitutes a Software Supply Chain Attack?

By Ax Sharma on August 03, 2021 vulnerabilities

6 minute read time

ENISA feels the term software supply chain attack is overused, so what does constitute a supply chain attack?

How to Better Navigate the World of DevSecOps with Sonatype and Saltworks Security

By Tanya Feghali on July 28, 2020 Open Source

2 minute read time

Sonatype and Saltworks talk about how to deliver higher quality software faster while securely taking advantage of everything open source has to offer.

"WTF is DevSecOps?"

By Elizabeth Kathure on May 27, 2020 devsecops

3 minute read time

DevSecOps is a great idea. But it means security engineers, DevSecOps teams, and developers working together.

Getting Your Security Program to Shift Left: Operationalizing Security Controls via DevSecOps

By Daniel Longest on May 21, 2020 shift left

3 minute read time

Map the automation opportunities into your software development lifecycle as part of coordinated strategies to shift security left.

Ryan Lockard Names the Seven Deadly Sins of DevSecOps [VIDEO]

By Mark Miller on April 02, 2020 AppSec

1 minute read time

Failures are an opportunity to reflect, inspect, and improve DevSecOps practices every day. Which of these have you experienced, and what did you learn?

Sladjana Jovanovic and Bill McArthur Move Silos to Communities [VIDEO]

By Mark Miller on March 19, 2020 AppSec

2 minute read time

When we break down the barriers to communication and collaboration, we thrive as humans and as organizations. Sladjana Jovanovic shares her experiences.

Why Manual Verification Still Matters

By Peter Morlion on March 10, 2020 AppSec

4 minute read time

We continuously hear the benefits of automation. Jeroen Willemsen explains why we still need to perform manual checks.

For Distributed Teams, It’s Not All About the Tools

By Mark Kilby on February 26, 2020 Teamwork

4 minute read time

A great distributed team starts with people with strong collaboration skills. The team needs time to understand each other's preferences to deliver value.

Larry Maccherone Says Pixie Dust Security is an Epic Failure [VIDEO]

By Mark Miller on February 18, 2020 AppSec

1 minute read time

A fundamental DevSecOps failure, according to Comcast's Larry Maccherone, is believing that a sprinkle of pixie dust makes a completed application secure.