DevSecOps Archives

Artificial Intelligence

How to Close the AI Governance Gap in Software Development

Widespread adoption of AI coding tools accelerates development—but also introduces critical vulnerabilities that demand stronger governance and oversight.

Matias MadouSeptember 5, 2025

Vulnerabilities

Security Maturity Models: Leveraging Executive Risk Appetite for Your Secure Development Evolution

Organizations can align their processes with one of two global industry standards for self-assessment and security maturity—BSIMM and OWASP SAMM.

Matias MadouMarch 13, 2025

Application Security

Sola Security Deposits Hefty $30M Seed Funding

The financing was provided by S Capital and investor Mike Moritz, S32, Glilot Capital Partners, and several angel investors.

SecurityWeek NewsMarch 11, 2025

Artificial Intelligence

How to Eliminate “Shadow AI” in Software Development

With a security-first culture fully in play, developers will view the protected deployment of AI as a marketable skill, and respond accordingly.

Matias MadouJanuary 14, 2025

Management & Strategy

How to Implement Impactful Security Benchmarks for Software Development Teams

Benchmarking is all about taking back control – you’re measuring to gain complete awareness of your development teams’ security skills and practices.

Matias MadouDecember 19, 2024

Artificial Intelligence

How to Improve the Security of AI-Assisted Software Development

CISOs need an AI visibility and KPI plan that supports a “just right” balance to enable optimal security and productivity outcomes.

Matias MadouOctober 29, 2024

Application Security

How Exceptional CISOs Are Igniting the Security Fire in Their Development Team

For years, many CISOs have struggled to influence their development cohort on the importance of putting security first.

Matias MadouAugust 20, 2024

Artificial Intelligence

AI Hallucinated Packages Fool Unsuspecting Developers

Software developers relying on AI chatbots for building applications may end up using hallucinated software packages.

Ionut ArghireApril 1, 2024

Government

Federal Push for Secure-by-Design: What It Means for Developers

Secure-by-design is clearly important to the federal government, and there is a strong possibility that it will become a regulatory requirement for the critical...

Kevin TownsendNovember 7, 2023

Vulnerabilities

Thousands of Code Packages Vulnerable to Repojacking Attacks

Despite GitHub’s efforts to prevent repository hijacking, cybersecurity researchers continue finding new attack methods, and thousands of code packages and millions of users could...

Eduard KovacsSeptember 12, 2023