The evolution of the CISO (chief information security officer) position over the past few years is nothing short of remarkable. Not too long ago, ensuring that a business's technology was secure fell to the CTO or CIO. But as the value of security has increased, the majority of enterprises now have…

With everything on a CISO's plate, preventing and reacting to external attacks has usually been done on a contingency basis, with a reliance on existing security to keep hackers away and the hope that a directed attack doesn't occur. But today, a majority of security professionals expect their…

It's nearly impossible for modern enterprises to avoid third-party software and outsourced code. But as hackers and thieves continue to focus on the software layer, it's becoming increasingly important for every enterprise to develop a process for addressing their outsourced or third-party software…

With almost every software development team now utilizing open source code, outsourced development, commercial-off-the-shelf (COTS) software or some other form of outsourced software, the need to understand proper third-party security has never been greater. The gamut of methods for analyzing third…

In the modern, fast-paced world of Agile software development, where an organization may have new or updated web apps released every few days or weeks, application security scans are sometimes delayed until the last part of the quality assurance (QA) phase. However, even if developers are versed in…