Evan Schuman has covered IT issues for a lot longer than he'll ever admit. The founding editor of retail technology site StorefrontBacktalk, he's been a columnist for CBSNews.com, RetailWeek, Computerworld and eWeek and his byline has appeared in titles ranging from BusinessWeek, VentureBeat and Fortune to The New York Times, USA Today, Reuters, The Philadelphia Inquirer, The Baltimore Sun, The Detroit News and The Atlanta Journal-Constitution.
The enterprise challenge in generating secure code is well known: as software becomes a competitive advantage and customers expect regular updates, the need to release new features and content frequently often trumps the need to release secure code. Although that's a true conflict, it's not the full story. Psychology can play almost as big a role, with security teams often perceived by developers…
- Can DevSecOps Boost Your Bottom Line?
One of the sad truths about security is that it has typically been viewed by enterprise C-level executives as akin to an insurance policy – necessary, but would never produce profits, boost revenue, or attract new customers. But are those long-held perceptions changing? A recent CA study found that they might be. The study found that companies that prioritized security efforts in app development…
- Maximizing the Bang for Your Security Training Buck
Training developers on application security is critical to the success of every security program, but many companies deploy training improperly or insufficiently, argues Maria Loughlin, VP of Engineering at CA Veracode. Companies can increase the bang for their training buck by matching their training delivery and curriculum to the needs of their organization. Consider the channel A successful…
- IT Is Finally Embracing DevSecOps
It’s taken quite some time to get here, but enterprise IT execs are finally embracing DevSecOps. The latest indicator that it’s happening is the 2018 Gartner Magic Quadrant for Application Security Testing, which predicted in March that “by 2019, more than 50% of enterprise DevOps initiatives will have incorporated application security testing (AST) for custom code, an increase from fewer than 10…
- A Very V-E-R-Y Long Day Without Software
Over the summer, some friends at Veracode approached me and asked if I would be willing to help them with an experiment. Could I, they wanted to know, spend an entire day neither using nor leveraging any software whatsoever. They bet me that I couldn’t. I love a challenge as much as any journalist so I said “Sure. How hard could it possibly be?” The point of this is to make business people better…
Doing security well is hard work, but it should never block useful functionality for your customers. If security interferes with key software capabilities, the security must be tweaked. The answer should never be to abandon the functionality and certainly not to abandon the security. And yet two instances from this month suggest that is exactly what is happening. Let's start with election…
March brought with it yet more news of app security headaches. The latest is the discovery of "132 Android apps on Google Play infected with tiny hidden IFrames that link to malicious domains in their local HTML pages," according to the security firm that made the discovery. But before you dismiss this latest security hole with a yawn and a "so what else is new?," consider…
- How About Some Shared Security Responsibility For Developers? (February 9, 2017 | Security News)
With the New Year unfolding, 'tis the season to be reminded that app security has not yet arrived at the optimal state. Consider this piece from Kaspersky's Threatpost pointing out how re-used third-party libraries perpetuate security holes long after they have been discovered. For 2017, the industry needs a change in approach. AppSec is certainly getting better, but enterprise security…
- Examining Security Spend Reveals Much About Priorities (February 7, 2017 | Security News)
When it is treated as an afterthought, security can never work. When enterprises purchase and write thousands of applications without any formal app security mechanism, they are opening themselves up to breaches. What recent reports show is that there is a real disconnect between the spend on applications and the investment in protecting them. Gartner is projecting that U.S. enterprises…
- Some Surprises in the New New York Cybersecurity Regulations (February 2, 2017 | Security News)
In the US, there exist no meaningful national cybersecurity rules, but, as a practical matter, that is likely to change this year. But it's not coming from Congress. The catalyst is new rules slated to start in March from the New York State Department of Financial Services. In financial areas, that New York department is typically mimicked by a wide range of other state regulators, along with…