The number of security challenges companies are facing continues to grow, but organizations are beginning to display signs of “AppSec exhaustion,” or decreased engagement in security practices. This is according to Snyk’s new State of Open Source report, which found that dependency tracking and code ship frequency have remained largely unchanged since last year. There … continue reading
AppSec company Backslash Security has announced new capabilities to better detect security issues in applications. Backslash utilizes a number of security scanning capabilities to uncover potential issues, including SCA, SAST, SBOM, VEX, and secrets detection. It now integrates with GitHub Enterprise On-Premise, GitHub Enterprise Server, GitLab On-Premise, and Bitbucket On-Premise. By offering integration into more … continue reading
Developer productivity solution provider Snyk today released Snyk AppRisk Pro, which uses artificial intelligence (AI) and machine learning (ML) to help developers and security teams locate and remediate critical risks that can harm the business. Snyk AppRisk Pro gives AppSec teams context around risk issues to enable the teams to prioritize the riskiest issues and … continue reading
As companies across the globe race to fortify their cybersecurity defenses, they’re increasingly finding themselves navigating a complex maze when it comes to security testing. The past decade of innovation has produced an ecosystem now booming with countless tools, yet aligning these tools together, and avoiding tool sprawl, is proving to have its own set of … continue reading
Qualys is now allowing AppSec teams to leverage their risk management platform to assess, prioritize, and address the risks associated with first-party software and its embedded open-source components. In the digital transformation era, organizations develop their own software to run their businesses. However, first-party software often lacks the same level of disciplined vulnerability and configuration … continue reading
With a 742% average annual increase in software supply chain attacks reported by Sonatype, application security has become a top concern for businesses. Today Vaadin is excited to announce AppSec Kit, a new Acceleration Kit designed to enhance the security of your web applications built with Vaadin. AppSec Kit is currently available for Vaadin 7 and Vaadin … continue reading
The collaboration platform Stack Overflow for Teams is now free for up to 50 users and the Free plan includes ChatOps integrations to Slack and Microsoft Teams. “The open source ethos that is foundational to this network was an inspiration for our new free offering. We’re excited to enable those who are working towards a … continue reading
Traditional application security is different in two key ways from what has come to be known as DevSecOps. First, modern software companies are integrating application security into their DevOps pipelines, so security becomes part of the flow. Second, it’s also about DevOps being built into application security. Patrick Carey, who leads product strategy in the … continue reading
A majority of developers feel forced to sacrifice security for the speed that today’s development cycles require. A recent report from WhiteSource found that 73% of security teams at organizations are forced to cut corners, and that the AppSec tools they use serve to check the box towards DevSecOps improvements and are not effectively used. “There are … continue reading
To understand an enterprise’s current state of software security risk, executives, security practitioners and development teams need information. Benchmarks provide useful information on performance and risk. However, ideas about which benchmarks are most important will differ depending upon the corporate stakeholder to whom you’re speaking. For example, a business decision-maker has to justify the expense … continue reading
Software security continues to be a top priority for organizations and development teams, but they are still struggling to address vulnerabilities in their applications. A recently released report revealed that while organizations are beginning to increase their application testing efforts, their remediation rates are falling. The 2019 WhiteHat Application Security Statistics report is based on data … continue reading
A crystal ball presentation on the future of application security at the Gartner Security and Risk Management Summit this year caught the eye of those of us in the software security space. In case you missed it, the top-line predictions were: By 2022, software composition analysis (SCA) will surpass traditional AST tools (SAST, DAST) as the primary … continue reading