If you type ‘Benchmarking’ into Google, the top definition is “evaluating something by comparison with a standard”. Seems simple enough, but the bigger question here is – who sets that standard? In the past, we may have looked to the big enterprise size companies, however breaches such as; Talk Talk, and Target show us that it’s easy to see that even the... READ MORE›

Vtech, TalkTalk, OPM, Premera … you’ve seen the headlines about all the destructive breaches in 2015. Want to avoid the same fate? The best way to reduce your risk of a breach is to implement an application security program. Most organizations have sufficiently secured the network and hardware layers, but have yet to focus their attentions, or budgets, on the security of the application layer.... READ MORE›

Your application security is a problem. So why are you just hearing about this now? Is Big Security suppressing this information? Or could it be that unless there's a huge breach that makes the staff come in on a weekend that anyone bothers to care? It's probably the second one. It's tough to give priority to something that seems to be not a problem the moment. It's true that you... READ MORE›

The importance – and pressure -- of developing and managing secure code aren't lost on today's software vendors. As clouds have drifted into the mainstream, mobility and apps have become pervasive, and user expectations around functionality have grown, the need to deliver updates, patches and improvements on a regular and ongoing basis has skyrocketed. Many software providers now... READ MORE›

Fred arrives at his customer site with a brief job description, a name, address and telephone number. The job is a secure code reviewer. Secure code reviewers are often employed to try to find security weaknesses during or at the end of a development cycle. A security consultant, typically a penetration tester or secure coding expert, will look at the source code and try to find weaknesses... READ MORE›

How the heck did that happen? They just took your business. Do you know what sucks? Losing a HUGE sales opportunity that was custom made for your company. Literally custom-made: you worked with the executive sponsor and wrote the RFP for her. You spent hours in that window-less room and on the phone with your prospect making sure you had all your differentiators captured so that no competitor... READ MORE›

Software makes the world go round these days, and it’s also causing a lot of problems. The U.S. Department of Homeland Security recently found that 90 percent of security incidents result from exploits against defects in software. It sometimes seems like we’re just rolling out the red carpet for cyberattackers with our applications. Why is software so riddled with security defects?... READ MORE›

According to a CERT 2015 advisory of the top 30 vulnerabilities, nearly all are application vulnerabilities. But that's not why application security is the most important part of the security ecosystem. According to Business Insider, there are approximately 1.8 billion mobile web users and 1.6 desktop web users. Mobile apps are dominating how people access the Internet; of desktop users, the... READ MORE›

Heartbleed, Shellshock, FREAK, POODLE, VENOM – these are just some of the branded vulnerabilities that were disclosed in the past two years. With so many branded vulnerabilities coming out executives are paying more attention to application security. This is great, except that it also means security professionals are under increased pressure to react to vulnerability disclosures, rather... READ MORE›