Software Integrity Blog

Author Archive

Taylor Armerding

Taylor Armerding is an award-winning journalist who left the declining field of mainstream newspapers in 2011 to write in the explosively expanding field of information security. He has previously written for CSO Online and the Sophos blog Naked Security. When he’s not writing he hikes, bikes, golfs, and plays bluegrass music. Follow him on Twitter @tarmerding2.


Posts by Taylor Armerding:

DevSecOps success takes people, not just technology

Want DevSecOps? Here are some tips to get your development, security, and operations teams communicating effectively and working toward a single purpose.

Posted in Agile, CI/CD & DevOps

How to deal with legacy vulnerabilities

Are you releasing software with legacy vulnerabilities that you put aside to address later but forgot about—or that you didn’t even know were in your code?

Posted in Application Security, Open Source Security

What is security debt, and how do I get out of it?

Security debt refers to the accumulation of vulnerabilities in your software that make it harder to protect your data and systems. How do you get rid of it?

Posted in Application Security

Thoreau’s ‘simplify’ exhortation hovers over RSA

Developers have no time for your complex security processes. Making application security simple means focusing on essentials and cutting through the noise.

Posted in Application Security, Developer Enablement

At RSA: The road to better security is to make it easier

How do you encourage people to do something? Make it easy. Developers too will adopt application security practices, if you make them easy. Here’s how.

Posted in Application Security, Developer Enablement

Start paying down your ‘security debt’ with DevSecOps

Organizations that postpone remediating security issues, or just ignore them, are playing a risky game. But DevSecOps can help reduce your security debt.

Posted in Agile, CI/CD & DevOps

Experts: Better IoT security depends on changes in culture, habits

Better IoT security requires a change in consumer culture and habits. But manufacturers should be doing more as well, with better guidance from government.

Posted in IoT Security

Want to comply with privacy laws? Start with security

How do you comply with privacy laws that haven’t even been enacted yet? Start by securing your software and systems against cyber attacks and data breach.

Posted in Data Breach Security, Software Compliance, Quality & Standards, Software Security Program

PCI DSS compliance isn’t security, but security can boost compliance

The downward trend in organizations passing PCI DSS interim security testing is worrying. PCI DSS compliance requires security every day, not once a year.

Posted in Financial Cyber Security

Privacy still eroding on National Data Privacy Day

On National Data Privacy Day, we find little has changed in what numerous privacy advocates and experts have called “the golden age of surveillance.”

Posted in Software Compliance, Quality & Standards