Application Security & Software Security Blog

The 411 on Stack Overflow and open source license compliance

Developer communities like Stack Overflow are a great resource for your open source projects, but proper due diligence is required to manage compliance risks.

Securing the IoT tsunami

IoT devices create wider attack surfaces for hackers. Learn about today’s IoT security challenges and how security testing can help.

What the 2021 OSSRA report tells us about the state of open source in commercial software

Open source vulnerabilities are on the rise according to the new OSSRA report. Get the latest information on open source security, compliance, and code quality risk.

Neil Daswani talks about his big breaches book and the BSIMM

Dr. Neil Daswani discusses the root causes of today’s breaches and how the BSIMM can help companies achieve the right security habits.

Penetration testing: A yearly physical for your applications

Regardless of your company’s maturity level, penetration testing should be conducted annually to understand the health of your applications.

Integrating fuzzing into DevSecOps

Fuzzing helps detect unknown vulnerabilities before software is released. Learn when and where to integrate and automate fuzz testing in your SDLC.

Don’t be the weak link in your customers’ supply chain security

To solve the supply chain security dilemma, producers must get back to security basics. Get best practices for securing your supply chain.

Medical device security in a pandemic world

The pandemic has put a lot of things on hold over the last year, but medical device security shouldn’t be one of them.

AppSec Decoded: What are organizations doing to manage open source vulnerabilities?

In this AppSec Decoded interview, we look at the top takeaways from the ‘DevSecOps Practices and Open Source Management in 2020’ report.

Synopsys CyRC named a CVE Numbering Authority

As a CVE Numbering Authority, Synopsys can assign CVE ID numbers and publish newly discovered vulnerabilities.

Next Entries »

Be the first to know

Don’t miss the latest AppSec news and trends every Friday.

Subscribe to the blog

The state of open source in commercial software

Software Integrity Blog

Eight must-have features in an IAST solution

Things to consider when choosing a software composition analysis tool

How To Cyber Security: Put the Sec in DevOps with Intelligent Orchestration

The 411 on Stack Overflow and open source license compliance

Securing the IoT tsunami

What the 2021 OSSRA report tells us about the state of open source in commercial software

Neil Daswani talks about his big breaches book and the BSIMM

Penetration testing: A yearly physical for your applications

Integrating fuzzing into DevSecOps

Don’t be the weak link in your customers’ supply chain security

Medical device security in a pandemic world

AppSec Decoded: What are organizations doing to manage open source vulnerabilities?

Synopsys CyRC named a CVE Numbering Authority

Legal

Follow