Everything you need to know about secure development, from integrating security into the software development lifecycle (SDLC) to working with developers.
- State of Software Security: Open Source Edition – Key Takeaways for Developers
The popularity of open source libraries isn’t dwindling anytime soon. They’re critical for developer functionality, allowing teams of developers like yours to work faster so they can meet tight deadlines they face on the regular. But some developers may not fully understand the risks that come from using open source libraries, just like the risks we found in State of Software Security: Open READ MORE
- What Does it Take to Be an Effective Developer Manager?
If you’re a software engineer you’ve probably seen one or two of your colleagues graduate from Senior Developer to Developer Manager – some with the sobering realization that managing a team of developers requires significant cross-functional skillsets. Foundationally, to be a successful Developer Manager you must know your stuff when it comes to software development, be passionate about the READ MORE
- Why Fast Feedback Is Critical For Developer Success
In their book Agile Testing: A Practical Guide for Testers and Agile Teams (2008), Lisa Crispin and Janet Gregory wrote that one of the most important factors for success in software development is feedback. “Feedback is a core agile value. The short iterations of agile are designed to provide constant feedback to keep the team on track.” The message still rings true: constant feedback is READ MORE
- Secure Development Without Sacrificing Innovation and Speed
If you know the term “nightly build,” chances are you’ve been a part of that process before. A nightly build - or code compiled overnight from previously checked code - is a foundational way to find flaws or issues that arise from changes made during long build processes. But while a staple in DevOps, nightly builds also present a problem: if new bugs are discovered the following morning after READ MORE
- Frequency, Speed, and Accuracy Are a Match Made in AppSec Heaven
“Make it work, make it right, make it fast.” These words from renowned software engineer Kent Beck will always ring true for developers, especially with the pace of development picking up, not slowing down. A GitLab survey from last year showed nearly half (43 percent) of respondents deploy software on-demand or multiple times per day – that’s nonstop grinding to produce good code. But simply READ MORE
- Realigning Priorities and Building a Bridge Between Security and Development
It’s a common conundrum for application security (AppSec) teams: how can developers and security professionals work together to release software faster? It takes a working relationship, good communication, and the right tools, which most teams don’t have. Even more discouraging, stigmas follow both teams around the office; developers often worry that security is there to slow down or halt their READ MORE
- Announcing Our State of Software Security: Open Source Edition Report
Today, we published a special supplement to our annual State of Software Security report that focuses exclusively on the security posture of the open source libraries found in applications. Prominent in almost every application today, open source libraries allow developers to move faster by quickly adding basic functionality. In fact, it would be nearly impossible to innovate with software READ MORE
- What Caused the SBA Flaw that Exposed Business Owners’ Personal Info?
Current events are reshaping the way we live our everyday lives, and taking a heavy toll on the business world, with organizations of all sizes feeling financial disruption. Business continuity is more essential than ever during the pandemic; not just for customers who rely on products and services, but also for companies that need to keep funds flowing. This has, foreseeably, led to thousands of READ MORE
Customers that have embraced DevOps often ask me for the best metrics to measure their program. I always advocate focusing on policy compliance as the number one metric for understanding your risk, as this provides a succinct measurement of the security of your applications. However, if you are looking to measure and motivate development teams, policy compliance doesn’t give you the granularity READ MORE
- To Scan or Not to Scan? Why Frequency Matters for DevSecOps
Frequency matters. We know from our 10th annual State of Software Security report (SOSS) that when development teams scan their code for security more than 300 times per year, they can reduce their security debt by five times. That’s five times less risk carried around by developers, freeing them up to focus on improving processes and tackling the most dangerous vulnerabilities. Recently, READ MORE