Is LocalStorage safe to use?

Local storage has caught the attention of developers as a lightweight solution for data storage that doesn’t involve databases or even the server. That’s neat, but is it always a good idea to use it? Here are a few thoughts from the folks at Snyk.

January 30, 2020

29% of highest security integration orgs endure friction when collaborating

A watermark of traditional security activities within organizations is the high tension between security teams, the operations or IT, and the core R&D engineering. When all of these teams are siloed with their activities and overall goals unaligned, they create tension and friction that manifests in mis-executed security activities. However, when security practices are integrated […]

January 28, 2020

31% don’t track application dependencies and 38% only track direct dependencies

As we look into the way engineers audit their code bases, we see a strong adoption of automated security tooling, according to the Snyk State of Open Source Security report 2019, with 65% of respondents confirming that observation. It is also important to point out that, even when automated security tools are employed, 79% of the respondents still use security code reviews.

January 28, 2020

48% see security a major constraint on the ability to deliver software quickly

With every data breach disclosed, organizations become more aware of the need to address security early on and throughout the SDLC to ensure customer privacy and assets, feature security, and delivery speed. To do it all well, DevSecOps must be driven by security, but powered by developers.

January 28, 2020

DevSecOps Insights 2020

We are thrilled to announce and share with you the Snyk 2020 DevSecOps Insights! In this study, we discuss the state of DevSecOps, key activities, focus areas, and takeaways. This study is based on data presented in the Snyk 2019 State of Open Source Security report and the Puppet 2019 State of DevOps report. The […]

January 28, 2020

The cost of a security breach

Back in 2017, the Atlanta-based credit monitoring company Equifax was hacked. Equifax had been using an outdated version of the Java Apache Struts library in their system, making it possible to infiltrate their system through a known vulnerability. As a result of this breach, the company exposed the personal details of 143 million Americans. Recently […]

January 22, 2020

Scaling security through DevSecOps & dev-first security

Digital transformation is not a buzzword - it’s a force. Practically all businesses, big and small, seek to make technology their core, and to accelerate their ability to adapt to the market. And yet, as entire enterprises seek to reshape themselves to meet these new challenges - security stays behind. If we’re going to base our approach on the new digital reality, we first need to understand it - what are the key changes that take place during Digital Transformation, and what is their impact on security? We’ll break it up into three main changes: Digital Business, Cloud and DevOps. 

January 21, 2020

Snyk Closes $150M to Accelerate Developer-first Security

We are thrilled to announce that Snyk has closed $150 million in funding to accelerate our vision to bring a new approach to application security, enabling businesses to continuously build security into their application development process and culture.

January 21, 2020

Navigating your own career growth in a hyper-growth startup

I’m frequently asked for advice by friends and colleagues on how to navigate career growth in the startup world. At many companies in hyper-growth, as with Snyk, the sheer rate of change can create numerous opportunities but also a lot of ambiguity. This post is a peek at the advice I give my friends and […]

January 7, 2020

Understanding filesystem takeover vulnerabilities in npm JavaScript package manager

On the 11th of December, 2019, a security vulnerability that extends to all major JavaScript package managers (npm, yarn and pnpm) was publicly disclosed. This vulnerability, discovered by security researcher Daniel Ruf, allows malicious actors to apply varied tactics of arbitrary file overwrites. In this article: How do Node.js command line packages work? How does […]

January 7, 2020

Building security into your Azure DevOps Pipeline

Azure Pipelines allows users to focus more time on writing their applications by making it easy to automate their builds, tests, and deployments. Specifically, Tasks for Azure Pipelines enables users to customize and automate an Azure Pipelines CI/CD workflow with a group of ready-to-use tasks that can be inserted into pipelines from the Azure Pipelines […]

December 16, 2019