Security Experts:

long dotted

NEWS & INDUSTRY UPDATES

Researchers have resurrected a 15-year-old Python vulnerability that is present in an estimated 350,000 open source projects and many closed-source applications. [Read More]
CrowdStrike is elbowing its way into new security markets with a planned acquisition of attack surface management startup Reposify and a strategic investment in API security vendor Salt Security. [Read More]
Ride sharing giant Uber is downplaying the impact from a devastating security breach that included the theft of employee credentials, access to the HackerOne bug bounty dashboard and data from an internal invoicing tool. [Read More]
Security Operations Center (SOC) platform provider Cyrebro has raised $40 million in Series C funding. [Read More]
Industry professionals comment on the new guidance from the US government asking for security guarantees from software vendors. [Read More]
The non-profit foundation is building a team to proactively identify and address security defects in the popular Rust programming language. [Read More]
The Silicon Valley company has raised a total of $135 million since its launch in 2016 as a provider of data encryption technology using Intel SGX. [Read More]
The White House wants software developers that provide products and services to the government to guarantee that security requirements are met. [Read More]
Dig Security’s latest financing comes as venture capital investors rush to place bets on startups jostling for space in the cloud data security space. [Read More]
Microsoft says its security teams have detected zero-day exploitation of a critical vulnerability in its flagship Windows platform. [Read More]

FEATURES, INSIGHTS // Application Security

rss icon

William Lin's picture
AppSec is key to protecting production workloads from modern threats, but there are still too many silos and too much friction in existing implementations.
Joshua Goldfarb's picture
By understanding how to identify, isolate, and remove unwanted bot and fraud traffic, enterprises can remove the noise clouding the visibility they have into their online applications.
Gunter Ollmann's picture
CISOs are increasingly partnering with DevOps leaders and vigilantly modernizing secure development lifecycle (SDLC) processes to embrace new machine learning (ML) approaches.
Gunter Ollmann's picture
The philosophy of integrating security practices within DevOps is obviously sensible, but by attaching a different label perhaps we are likely admitting that this “fusion” is more of an emulsification.
Preston Hogue's picture
The ability to look deeply into user and system behavior and identify the smallest anomaly will become the essential toolkit to stem the tide of fraud and theft in financial services.
Preston Hogue's picture
Retailers should ensure that they are proactively scanning for vulnerabilities in the website, as well as deploying a solution to monitor traffic.
Preston Hogue's picture
Every piece of hardware, every integration, every API, every process, as well as applications themselves, are potential targets.
Preston Hogue's picture
Applications have been deconstructed to the point where we need to think about them with a new level of abstraction to understand how security needs to evolve.
Preston Hogue's picture
The best way for the security industry to meet the challenge of modern applications and modern app development is to adopt a modern way of supporting those from a security perspective.
Preston Hogue's picture
ChatOps offers a bridge to a fully realized vision for DevSecOps, offering a much quicker path to resolution for both security and non-security issues.