2 weeks ago I attended RSA Conference 2016 in San Francisco. I had the chance to attend multiple talks in the AppSec track and listen to what the other vendors, thought-leaders and experts had to say. In a nutshell, all talks and discussions revolved around how to get the developers engaged with the security process.
The truth of the matter is, you have no idea what will happen to your code once your application is released. Your code may be used again down the line, it may be altered – and it will most certainly be used in ways you never imagined. Can you start to see why security does
Developers and engineers all around the world are deploying code hundreds of thousands of times a day. Hundreds of millions of lines of code are churned out on a monthly basis, and it’s only going to get faster. Yet the security industry continues to kick our feet about DevOps. But security teams can’t afford
If you’re in need of a great excuse to strengthen – or start – an application security awareness program for your developers, this month is it. October, as you may already know, is National Cyber Security Awareness Month (NCSAM), and hundreds of security-focused organizations, including us, have come together in support of a more secure
Security tools are becoming more and more popular throughout the world of tech, and for security enthusiasts, and it should be something to celebrate about. But, in reality, we still have a long way to go when it comes to the actual use of the tools. We’ve known for years about the major gap between
In the same post where Bruce Schneier famously said that he personally believes “that training users in security is generally a waste of time, and that the money can be better spent elsewhere,” he added an important caveat about training developers. Developers, he wrote, “are people who can be taught expertise in a fast-changing environment, and
In our global, digital world, data is king – and malicious attackers are on a constant lookout for ways to conquer the throne. With a rapidly changing business landscape,the old, reactive approaches to security are no longer enough – if they ever were. Effective application security leaders are changing their tactics to keep up with the transformations.