Evan Schuman

Evan Schuman has covered IT issues for a lot longer than he'll ever admit. The founding editor of retail technology site StorefrontBacktalk, he's been a columnist for CBSNews.com, RetailWeek, Computerworld and eWeek and his byline has appeared in titles ranging from BusinessWeek, VentureBeat and Fortune to The New York Times, USA Today, Reuters, The Philadelphia Inquirer, The Baltimore Sun, The Detroit News and The Atlanta Journal-Constitution. 
Posts by Evan Schuman

A Security Champion in the Developer Midst May Just Solve the Secure Code Conundrum

July 3, 2018

The enterprise challenge in generating secure code is well known: as software becomes a competitive advantage and customers expect regular updates, the need to release new features and content frequently often trumps the need to release secure code. Although that's a true conflict, it's not the full story. Psychology can play almost as big a role, with security teams often perceived by developers... READ MORE

Can DevSecOps Boost Your Bottom Line?

June 25, 2018

One of the sad truths about security is that it has typically been viewed by enterprise C-level executives as akin to an insurance policy – necessary, but would never produce profits, boost revenue, or attract new customers. But are those long-held perceptions changing? A recent CA study found that they might be. The study found that companies that prioritized security efforts in app development... READ MORE

Maximizing the Bang for Your Security Training Buck

June 8, 2018

Training developers on application security is critical to the success of every security program, but many companies deploy training improperly or insufficiently, argues Maria Loughlin, VP of Engineering at Veracode. Companies can increase the bang for their training buck by matching their training delivery and curriculum to the needs of their organization. Consider the channel A successful... READ MORE

IT Is Finally Embracing DevSecOps

May 31, 2018

It’s taken quite some time to get here, but enterprise IT execs are finally embracing DevSecOps. The latest indicator that it’s happening is the 2018 Gartner Magic Quadrant for Application Security Testing, which predicted in March that “by 2019, more than 50% of enterprise DevOps initiatives will have incorporated application security testing (AST) for custom code, an increase from fewer than 10... READ MORE

A Very V-E-R-Y Long Day Without Software

October 11, 2017

Over the summer, some friends at Veracode approached me and asked if I would be willing to help them with an experiment. Could I, they wanted to know, spend an entire day neither using nor leveraging any software whatsoever. They bet me that I couldn’t. I love a challenge as much as any journalist so I said “Sure. How hard could it possibly be?” The point of this is to make business people better... READ MORE

Striking the Right Balance Between Security and Functionality

March 23, 2017  | Security News

Doing security well is hard work, but it should never block useful functionality for your customers. If security interferes with key software capabilities, the security must be tweaked. The answer should never be to abandon the functionality and certainly not to abandon the security. And yet two instances from this month suggest that is exactly what is happening. Let's start with election... READ MORE

Android App Holes Means You're On Your Own

March 13, 2017  | Security News

March brought with it yet more news of app security headaches. The latest is the discovery of "132 Android apps on Google Play infected with tiny hidden IFrames that link to malicious domains in their local HTML pages," according to the security firm that made the discovery. But before you dismiss this latest security hole with a yawn and a "so what else is new?," consider... READ MORE

How About Some Shared Security Responsibility For Developers?

February 9, 2017  | Security News

With the New Year unfolding, 'tis the season to be reminded that app security has not yet arrived at the optimal state. Consider this piece from Kaspersky's Threatpost pointing out how re-used third-party libraries perpetuate security holes long after they have been discovered. For 2017, the industry needs a change in approach. AppSec is certainly getting better, but enterprise security... READ MORE

Examining Security Spend Reveals Much About Priorities

February 7, 2017  | Security News

When it is treated as an afterthought, security can never work. When enterprises purchase and write thousands of applications without any formal app security mechanism, they are opening themselves up to breaches. What recent reports show is that there is a real disconnect between the spend on applications and the investment in protecting them.  Gartner is projecting that U.S. enterprises... READ MORE

Some Surprises in the New New York Cybersecurity Regulations

February 2, 2017  | Security News

In the US, there exist no meaningful national cybersecurity rules, but, as a practical matter, that is likely to change this year. But it's not coming from Congress. The catalyst is new rules slated to start in March from the New York State Department of Financial Services. In financial areas, that New York department is typically mimicked by a wide range of other state regulators, along with... READ MORE
