
The ethics of creating secure software
The permeation of software into every aspect of our lives makes it impossible to avoid. Software has transcended from a technical process into the realm of social morality. Therefore, the consequences are on a massive scale across the...

Blockchain only as strong as its weakest link
The blockchain might be secure, but is all the software interacting with it? In many cases, no. We’ve seen an increase in cyberattacks due to vulnerabilities in the software side of the blockchain, from wallets to smart contracts...

Keeping the Stars and Stripes secure
Cybersecurity in the government sector has dominated the headlines for the past couple of years. Should we be concerned? What’s the reality, how did we get here, and what should government entities focus on moving forward?

The good, the bad & the ugly of using open source code components
Component use in development is here to stay. But so are the vulnerabilities lurking in these code snippets. What do developers think about this? Are they concerned, are they frustrated? What’s their take on this problem? We recently...

How to approach business leaders about cybersecurity when they don’t follow the breach headlines
Hint: hit them where it hurts the most – their own personal reputation and livelihood.

3 big application security trends of 2017
The application security headlines of the year 2017 seemed like more of the same grim news, but some appsec trends are reasons to be hopeful.

Application security: what’s working
There are a lot of ways that companies are missing the mark on AppSec, but there are a lot of ways they aren’t, and we can learn a lot from those that are doing it right.

Is 'secure open source component use' an oxymoron?
Component use in development isn’t going away, and neither is its accompanying risk.

DevOps as an AppSec enabler
DevOps is turning out to be more security-friendly than most pundits predicted.

Choose your devsecops team wisely: Your apps depend on it
How choosing the right team will keep your business secure and help it keep pace with the sprinting speeds demanded by the market.

Preparing for the professional cybercrime industry
Ransomware is a growing segment of the cybercrime industry and it's driving a lot of changes in the way hackers operate. Businesses need to know what's happening and shift their defensive strategies accordingly.

Why executive orders aren't enough to fix cybersecurity
Big-picture executive orders won't get the job done. Here's what we should aspire to do to keep ourselves safe at the application layer.

The outlook of application security in 2017
Educated guesses about the direction of application security and secure development, based on how code has changed over the last year

The solution for IoT security might be simpler than you think
What to do about the systemic risk of IoT devices that spawned the Mirai Botnet

Cybersecurity Awareness Month: Shedding light on application security
Debunking application security fallacies for Cybersecurity Awareness Month

Election system hacks: We're focused on the wrong things
Why we should stop worrying about attribution and learn to love secure code

Application security requires more talk than tech
Building a successful AppSec program requires more than just a few updates from the security team. It's a team effort across the whole organization.

When your security products are insecure: Takeaways from the Symantec disclosure
A reaction to the recent vulnerability disclosure in Symantec products, explaining why they are not a surprise

3 ways an appsec program saves time for developers
A strong application security program can save time for developers by helping them find vulnerabilities sooner, work with security professionals, and by educating developers on security best practices.