Articles

Developer-First Security: How Dev-Friendly AppSec Boosts Security

Developer first security empowers developers to secure products and applications with tools, education, and policies that fit into existing workflows

How to prioritize vulnerabilities based on business risk

Vulnerability prioritization entails organizing and ranking an application's vulnerabilities to streamline remediation efforts; this involves assessing each vulnerability based on severity, risk, reachability, business criticality, and potential impact.

What is Incident Response? Definition, Steps and Tools

Everything you need to know about incident response including steps for creating an effective incident response plan that mitigates the damage of a cyber attack.

The shared responsibility model for cloud security

Cloud security is a shared responsibility between cloud providers and customers.

Best practices for driving developer adoption of security tools and processes

Learn best practices for driving developer adoption of security tools and processes.

Understanding development teams

Driving developer adoption of security tools and practices requires empathy for and understanding of your development teams.

Empowering your developers

Learn how to support your teams so they feel empowered to adopt developer security practices and tools.

Understanding the developer attitude to security

Learn why developers adopt security practices, what the blockers are, and what you can do to make it easy for them to stay secure.

Open Source Audits Explained

Open source auditing checks the open source software used in your applications for security vulnerabilities and license violations within the open source libraries or between the open source software and the product company.

DevOps becomes DevSecOps!

There’s some talk about DevOps being overrated, but imagine the alternative: a world in which you could only release application updates every month, or every quarter.

Cloud Security Automation

Organizations working towards adopting cloud computing report that security and compliance are two of the top three barriers they face: 35% of cybersecurity professionals stated security is their biggest barrier, while 31% reported compliance (Statista).

Cloud security posture management explained

When many companies move to the cloud, they assume the cloud provider – whether it’s Amazon Web Services (AWS), Google Cloud, Microsoft Azure or any other – is completely responsible for cloud security.

Cloud Security Architecture - Secure by Design

The leading cloud platforms like Amazon Web Services (AWS), Google Cloud (GCP), and Microsoft Azure have thousands of security professionals working to secure their public cloud infrastructure around the clock, but they are not solely responsible for securing cloud deployments.

Defining a secure open source policy

What is an open source policy? Today’s organizations face intense pressure to be more efficient and agile at scale so they can remain viable in an increasingly competitive marketplace.

Why open source governance is key for security

What is open source governance? Open source governance is the recognized rules and customs that guide an open source project.

7 Reasons to Use an Open Source Vulnerability Scanner

Cybercrime is on the mind of every business — from the largest enterprise to small and mid-sized companies that may have limited technical expertise.

Software dependencies: How to manage dependencies at scale

The benefit of software dependencies is that they allow developers to more quickly deliver software by building on previous work.

Open Source Security Explained

Open source software has become widely used over the past few years due to its collaborative and public nature, simultaneously making it convenient for both developers and malicious actors.

DevSecOps Program Success

Improving secure development is a journey that takes time, and starts with getting visibility into the existing security processes and practices that are done by each team today. If this isn’t done in an empathetic way, this process can be perceived as a reaction to development shortcomings. When others think there’s blame or judgment, it’s easy to get defensive responses.

Security Champions and Their Role

Every organization has a different culture that you should try to create a security champions program around. Avoid copy-pasting the exact same program someone else is successfully running, but rather, try to find gems of advice and best practices that you can apply that you feel would work with your teams and culture as well.