The Graph for Understanding Artifact Composition (GUAC) is a project dedicated to enhancing the security of software supply chains that has recently become an incubating project under the Open Source Security Foundation (OpenSSF). This collaborative effort, initiated by Kusari, Google, and Purdue University, is designed to manage dependencies and offer actionable insights into the security …
As security continues to shift left and DevSecOps efforts expand, software security best practices are rapidly evolving. The State of Software Security Report, conducted by the application security company Veracode, showed that on average, organizations are running scans on their apps 20 times more than they were just 10 years ago. With this, the report …
Checkmarx is the global leader in providing software security solutions that unify with modern application development initiatives like DevOps to reduce and remediate risk from software vulnerabilities. Checkmarx delivers the industry’s most comprehensive suite of Application Security Testing solutions and is trusted by more than 40 of the Fortune 100 companies and half of the …
It’s not enough to keep on top of the most common security issues plaguing software today. Developers should understand exactly what issues are impacting the programming languages they are using. Veracode has released new data that shows the top security flaws affecting .NET, C++, Java, JavaScript, PHP and Python. “Knowing these trends in application security …
Microsoft has released new data to show how the pandemic is accelerating the digital transformation of cybersecurity. According to the data, 58% of respondents report that they have increased their security budgets due to COVID-19, 82% plan on adding more security staff, and 81% feel pressure to lower security costs. “The role of security in …
In 2011, Marc Andreessen wrote an article in the Wall Street Journal that included the now-famous phrase “software is eating the world.” Eight years on, that statement rings truer than ever. It’s not a stretch to say that software is eating the cybersecurity world as well. The fallout from not integrating security early in the …
GitHub wants to help protect the open-source ecosystem with the announcement of the GitHub Security Lab. The lab is designed to bring together security researchers, maintainers and companies who are dedicated to open-source security. In addition, the company will provide tools, resource bounties, and hours of security research. “We all share a collective responsibility to …
National Cybersecurity Awareness Month is observed every October as a way to raise awareness about the importance of cybersecurity, but despite the efforts to provide a safer and more secure Internet — problems still remain. In 1998, a group of computer hackers went in front of the Senate to warn them about cyber security. The …
The code analysis platform provider Semmle wants to expand its reach with the announcement that it is joining GitHub. Together, the companies will work on addressing a big issue in open-source software: security. “Software security is a community effort; no single company can find every vulnerability or …
The short answer is never. There, I just saved you enough time that you can go and do the right thing and run SAST and DAST and work on hardening your code, instead of trying to test security into your application. Look, every time a new technology, process, or technique comes along there are some …
Software security continues to be a top priority for organizations and development teams, but they are still struggling to address vulnerabilities in their applications. A recently released report revealed that while organizations are beginning to increase their application testing efforts, their remediation rates are falling. The 2019 WhiteHat Application Security Statistics report is based on data …
A crystal ball presentation on the future of application security at the Gartner Security and Risk Management Summit this year caught the eye of us in the software security space. In case you missed it, the top-line predictions were: By 2022, software composition analysis (SCA) will surpass traditional AST tools (SAST, DAST) as the primary …