Evan Wade

Evan Wade is a professional freelance writer, author, and editor from Indianapolis. His time as a sales consultant with AT&T, combined with his current work as a tech reporter, gives him unique insight into the world of mobile/Web security and the steps needed to properly secure software products. Follow him on Twitter.
Posts by Evan Wade

Searching Third-Party Code (and Third-Party Vendors) for Red Flags

June 19, 2015

In some ways, dealing with problems caused by insecure third-party code is harder than resolving internal development issues. By default, you have less direct control over a vendor's actions when a security issue is discovered, making it difficult to ensure that the issue is remediated. There are additional enterprise-vendor relationships to navigate -- sales teams, vendor executives,... READ MORE

How Automated Code Testing Helps First Parties Handle Their Vendors

June 15, 2015

You don't need to be a CISO to know the importance of scanning code as you go, even if that code is being produced by third parties. It's the how and when third-party code should be scanned that make things get complicated. The answers vary depending on the project, the organization producing it, its third-party suppliers, etc. Yet in spite of the differences, there is a clear-cut best... READ MORE

Managing Third-Party Security Means Getting Compliance in Check

May 21, 2015

Compliance is tricky, and vendors are necessary. These two facts account for a lot of headaches in software development, especially in heavily regulated industries (e.g., healthcare and finance) that handle huge volumes of sensitive data as a matter of course. Further compounding these issues is the fact that first parties are generally just as liable for third-party missteps as they are their... READ MORE

Hiring App Developers: Secure Traits to Search for in Third Parties

May 20, 2015

In some ways, hiring a third-party development team is like bringing on a new employee: You look for the traits, skills and experience you want, and you make a qualified decision based on your research. But the process can be much more complex in practice. After all, hiring app developers for a particular project requires you to make a number of considerations and take several risks. While there... READ MORE

Why Security Compliance Is a Yearlong Commitment

May 19, 2015

Security isn't just a scheduled event or a box on a checklist — and increasingly, neither is security compliance. Sure, countless people reading this article have pulled the "prepare for audit" shuffle, in which entire departments run around like proverbial headless chickens to ready themselves for that dreaded moment when the auditor walks through the door. And that stress... READ MORE

Build Third-Party Relationships Through Effective Communication

May 14, 2015

The fact that communication is a vital aspect of successful third-party relationships is obvious. ("You mean to tell me I have to talk to the companies producing my code? Jeez, next you'll say I have to give them money or something!") That said, simple statements can hold a lot of meaning, and woe be unto companies that don't do a good job communicating in all the forms that... READ MORE

Security Breach Response Plans Aren't Just Smart — They're Necessary

May 5, 2015

When it comes to best practices, proactively creating a security breach response plan falls somewhere between "paying your employees" and "not blowing your project budget on lottery tickets" on the common-sense scale. In an age where certain information can be as desirable as the most expensive luxury goods, knowing what to do before a compromise occurs means not learning on... READ MORE

The Proof (and Profit) of Security Audits Is in the Pudding

April 21, 2015

Software buyers are increasingly focusing on security as a requirement in the product they purchase. This is far from a bad thing — it's how these software buyers ensure their employees and customers are secure. But it can represent a roadblock for the vendors that supply the software products. Suddenly, testimonials and self-attestations don't carry the weight they once did,... READ MORE

How Third-Party Risk Management Makes Outsourcing Easy

April 17, 2015

It's no secret that third-party vendors are the backbone of software development. Positions are being created at a record pace while the roles behind them continue to drill down into more specific duties. Just throw in the scores of non-tech businesses continually uncovering critical software needs, and you have an industry in which outsourcing becomes less of a possibility and more of a self... READ MORE

SOS: Why Scaled Agile Needs Repeatability

April 10, 2015

Consistency is key. While those words may sound general, they carry a lot of meaning in the software world. The ground-level view of an average company may look like chaos from time to time, but the organizations that beat their budgets and time-to-market goals are often the ones that have found a way to replicate a good system. When a company is experiencing explosive growth, the problem lies in... READ MORE
