NEWS & INDUSTRY UPDATES

Tech giant IBM plans to acquire early-stage attack surface management startup Randori in a deal that signals a major expansion of Big Blue’s cybersecurity ambitions.
Apple’s App Store prevented more than 1.6 million risky applications and app updates from defrauding users.
Ten Eleven Ventures has joined a growing list of cybersecurity-focused venture capital firms raising new funds to invest in startups solving information security problems.
Sequoia is leading a massive $50 million early-stage investment in Chainguard, a startup created by a team of ex-Google software engineers to "make software supply chain secure by default."
Cybercriminals operating the Clipminer botnet have made at least $1.7 million in illicit gains to date, according to estimates from Symantec researchers.
Devo Technology, a late-stage startup building technology for data logging and security analytics, has closed a new $100 million funding round that pushes its valuation in the $2 billion range.
ReliaQuest shells out $160 million to add threat intelligence capabilities to its flagship GreyMatter platform.
Interpol has announced the arrest of three Nigerians accused of using the Agent Tesla malware to redirect financial transactions and steal data.
Forgepoint Capital is pumping $10 million into a startup incubated to provide incident response services to the cyber-insurance ecosystem.
Bug hunters at Microsoft are calling attention to several high-severity vulnerabilities in a mobile framework used by carriers in pre-installed Android System apps.

FEATURES, INSIGHTS // Application Security

Travis Greene
Shadow IT 2.0 is a symptom of a bigger problem – the inability to maintain digital competitive advantage due to the insufficient pace of code deployment.
Jim Ivers
Savvy organizations have learned how to use a mix of static and dynamic application security testing types to increase their coverage and lower their risk.
Dan Cornell
When security teams can assess brand, financial, strategic risks – they are best able to act as a trusted advisor to DevOps teams as they build and maintain secure systems.
Travis Greene
2017 is the year for information security teams to align to the work being done in DevOps – whether you call it DevSecOps or not.
Lance Cottrell
OODA loop is a well established concept often used in security which originated in the military. OODA stands for Observe, Orient, Decide, Act.
Jim Ivers
Hackers are human. Hopefully that doesn’t surprise you too much. Being human means that they are subject to human tendencies, like taking the path of least resistance.
Jim Ivers
Aside from tools, there are many types of application security testing that can be used to find vulnerabilities in software. An organization must consider multiple software security testing methods to really manage its risk.
David Holmes
Considering that you can find vendors, startups, and specialists in any of these 28 application security technologies, is it realistic to expect any one person to be a subject matter expert in all of them?
Jim Ivers
Experienced organizations learn that security is not a drag on performance, but can provide productivity gains by eliminating security vulnerabilities early in the development process.
Jim Ivers
Built in or bolted on? When have you ever seen “bolted on” as the first choice of anyone in just about any imaginable scenario? Yet for software security, “bolted on” is certainly the norm.