Doug Bonderud

Doug Bonderud is a freelance writer passionate about the evolution of technology and its impact on companies, stakeholders and end-users alike. Want to know more? Follow Doug on Twitter.
Posts by Doug Bonderud

Vendor Management: 5 Best Practices for Secure Applications

June 24, 2015

Third-party software can be problematic. Just ask American Airlines, which recently experienced an issue with its iPad-based electronic flight bags. A misconfiguration in third-party mapping software caused the devices to crash when pilots tried to access a specific map, in turn delaying flights and frustrating crew members. Thankfully, the issue wasn't malicious, but it does highlight the... READ MORE

Cloud-Based Application Security: Bank on It?

June 22, 2015

Clouds are less secure. This is the long-held wisdom of cloud computing, the notion that goes bump in the night and keeps many companies from moving any or all of their data off local stacks. It comes with a host of anecdotal "evidence" to prove the point: Surely, cloud services must be less secure because they're "outside," beyond the benefit of in-house protection and... READ MORE

Bug Bounty Programs Take Off With New United Airlines Offering

June 16, 2015

Bug bounty programs are nothing new. Companies from Google to Microsoft to Mozilla offer up cash and other rewards for so-called "white hat" hackers willing to find and report critical problems in network infrastructure. Now, United Airlines (UA) is also opting in, offering up to one million air miles to bounty hunters who find "remote execution codes" and turn over their data... READ MORE

Enterprise Risk Management and the ISV Conundrum: No One Gets Fired for Choosing IBM

June 8, 2015

Independent software vendors (ISVs) face a tough market. While small businesses and enterprises alike are always on the lookout for the next breakout software-as-a-service or on-premises solutions, they're not willing to risk security breaches just to get a step ahead. This means ISVs must make both software security and enterprise risk management key components of every product they develop... READ MORE

Cyberespionage: Enterprise Nuisance or National Crisis?

April 29, 2015

According to President Obama, cyberespionage has crossed the threshold from "nuisance" to "national emergency." As reported by National Journal, the president signed an order allowing the treasury secretary, attorney general and secretary of state to impose financial sanctions on the groups and people behind cyberattacks that "create a significant threat to US national... READ MORE

Finding the Risk Factor in IT Security for Small Business

April 16, 2015

Enterprises are the ideal targets for hackers. That's common wisdom, backed up by story after story about big banks and retailers getting breached. It makes sense: These organizations hold massive amounts of customer data in trust — everything from credit card numbers to birth dates and e-mail addresses. As a result, successful attacks often mean big paydays for malicious actors. But IT... READ MORE

Cloud Computing Trends: Fueling DevOps AppSec Integration

April 15, 2015

Cloud computing trends show this technology is on the way up: RightScale's new "2015 State of the Cloud Report" — as detailed by Market Wired — found 93 percent of organizations are already running cloud applications or experimenting with Infrastructure as a Service (IaaS). DevOps isn't much further behind, with the report showing adoption is up to 66 percent across... READ MORE

The Agile Development Environment and the Rise of Right-Angle Thinking

April 14, 2015

How do companies develop industry-leading apps? Often the answer lies in a horizontal, Agile development environment structured around team-based, iterative design over strict adherence to policy and leadership hierarchy. And how do companies protect their newly developed apps? With vertical AppSec strategies that focus on conformity over creativity. The result of these efforts is a critical... READ MORE

Mandatory Breach Notification Gets New Push From US Senator

April 13, 2015

Should companies be required to notify consumers in the event of a data breach? Senator Mark Kirk thinks so, and according to SC Magazine, he plans to introduce a bill that would compel businesses to disclose a breach under certain conditions. Kirk and other advocates see this as a way "to make sure the system that Congress designs is easy for industry to put in place and doesn't act... READ MORE

Talking to Security Vendors: 3 Questions Every CISO Needs Answered

April 8, 2015

Companies can no longer manage IT security alone. It's not an issue of weakness or inability; the network and end-point landscape has simply become too complicated for even enterprise IT teams to handle. As a result, more and more organizations are reaching out to third-party security vendors. For example, Computer Business Review reports 34 percent of UK companies already use managed... READ MORE

Love to learn about Application Security?

Get all the latest news, tips and articles delivered right to your inbox.




contact menu