Spring4Shell: New info and fixes (CVE-2022-22965)
In this video for Help Net Security, Ax Sharma, Senior Security Researcher at Sonatype, talks about the latest developments regarding Spring4Shell, the unauthenticated RCE …
software development
Where should companies start when it comes to device security?
The Internet of Things (IoT) market has a security problem that is boiling over into a business issue. According to a recent survey conducted by the Ponemon Institute, 59% of …
The benefits of implementing continuous security in the development lifecycle
Wabbi published new research with IDG that finds companies utilizing continuous security have decreased vulnerabilities by 50%. The study focused on the integration of …
Is next-gen threat modeling even about threats?
The threat landscape evolves with technology, and as threats grow in sophistication, there are concerns about major events like the Colonial Pipeline ransomware attack or the …
Why low-code and identity must co-exist
Software development has emerged as a critical task for organizations looking to compete in the digital economy. It increasingly fuels innovation and even disruption. Yet, …
What makes a successful development team?
CircleCI unveiled its report on the state of software delivery, examining two years of data from more than a quarter billion workflows and nearly 50,000 organizations around …
The simple secret to app security? Time
The thing about being a security consultant is that people are always looking to you for the “secret” to building a secure digital anything. And by “secret,” they usually mean …
The importance of building in security during software development
Checkmarx released the UK findings of its report which found that 45% of organizations have suffered at least two security breaches as a direct result of a vulnerable …
The Linux Foundation’s Census of OSS app libraries helps prioritize security work
The Linux Foundation announced the final release of “Census II of Free and Open Source Software – Application Libraries,” which identifies more than one thousand of the …
Take a dev-centric approach to cloud-native AppSec testing
The era of the cloud-native application is well and truly upon us: IDC researchers have predicted that by 2023, more that 500 million apps will be developed using cloud-native …
Software supply chain security still a pain point
ActiveState announced the results of its survey, providing insights into the security challenges of the software industry’s open source supply chain, which includes the …
How do I select an API security solution for my business?
As the importance of Application Programming Interfaces (APIs) continues to grow and API traffic accelerates, there’s a growing need to make sure it completes its tasks …