Topic: software security

‘Security debt’ focus of 2019 State of Software Security report

In 2011, Marc Andreessen wrote an article in the Wall Street Journal that included the now-famous phrase “software is eating the world.” Eight years on, that statement rings truer than ever. It’s not a stretch to say that software is eating the cybersecurity world as well. The fallout from not integrating security early in the … continue reading

GitHub launches new lab to tackle open-source security

GitHub wants to help protect the open-source ecosystem with the announcement of the GitHub Security Lab. The lab is designed to bring together security researchers, maintainers and companies who are dedicated to open-source security.  In addition, the company will provide tools, resource bounties ,and hours of security research.  “We all share a collective responsibility to … continue reading

Cybersecurity Awareness Month highlights growing problem

National Cybersecurity Awareness Month is observed every October as a way to raise awareness about the importance of cybersecurity, but despite the efforts to provide a safer and more secure Internet — problems still remain.  In 1998, a group of computer hackers went in front of the Senate to warn them about cyber security. The … continue reading

Code analysis tool Semmle joins GitHub

The code analysis platform provider Semmle wants to expand its reach with the announcement that it is joining GitHub. Together, the companies will work on addressing a big issue in open-source software: security.  RELATED CONTENT: Going to school on open-source security “Software security is a community effort; no single company can find every vulnerability or … continue reading

When does SCA replace SAST or DAST?

The short answer is never. There, I just saved you enough time that you can go and do the right thing and run SAST and DAST and work on hardening your code, instead of trying to test security into your application. Look, every time a new technology, process, or technique comes along there are some … continue reading

Report: Organizations fail to remediate app security vulnerabilities

Software security continues to be a top priority for organizations and development teams, but they are still struggling to address vulnerabilities in their applications. A recently released report revealed while organizations are beginning to increase their application testing efforts, their remediation rates are falling.  The 2019 WhiteHat Application Security Statistics report is based on data … continue reading

The future of application security

A crystal ball presentation on the future of application security at the Gartner Security and Risk Management Summit this year caught the eye of us in the software security space. In case you missed it, the top-line predictions were: By 2022, software composition analysis (SCA) will surpass traditional AST tools (SAST, DAST) as the primary … continue reading

Report: The costs of data breaches are rising

The costs of data breaches are continuing to rise. A new report has found the cost has risen 12 percent over the last five years and now costs $3.92 million on average per breach. Last year, the average cost was $3.86 million.  According to the report, the formation of an incident response team, extensive use … continue reading

Equifax agrees to pay at least $575 million in data breach settlement

Equifax will finally have to pay for its 2017 data breach, which compromised up to 147 million users and exposed sensitive information like credit card numbers, social security numbers, names, birthdays and addresses. The Federal Trade Commission (FTC) has revealed Equifax has agreed to pay at least $575 million as part of a global settlement … continue reading

Microsoft turns to Rust for safer code

Microsoft is starting to explore new programming languages to protect against security vulnerabilities. The company revealed it is turning to the systems programming language Rust to help developers build more reliable and efficient software.  Microsoft has long turned to languages like C++ and C# in their security efforts. C# has helped protect against memory corruption … continue reading

A developer’s guide to key storage providers

As a developer, you specialize in code – not security.  However, as DevOps continues to blend roles and responsibilities, the typical software developer has become responsible for more and more operational aspects like security. A core component of application and IoT security is code signing. Let’s start with a basic definition. Code signing is a … continue reading

Report: Not all open-source software is created equal

While open-source software is an integral part of software development today, security continues to be an issue. A recently released report revealed a 71 percent increase in open-source security related breaches over the last five years. In addition, 25 percent of organizations reported a confirmed or suspected open-source software related breach.  RELATED CONTENT: Open source … continue reading

1 2 3 17
HTML Snippets Powered By : XYZScripts.com

Get access to this and other exclusive articles for FREE!

There's no charge and it only takes a few seconds.

Sign up now!