Software Integrity Blog

Author Archive

Taylor Armerding

tarmerding

Taylor Armerding is an award-winning journalist who left the declining field of mainstream newspapers in 2011 to write in the explosively expanding field of information security. He has previously written for CSO Online and the Sophos blog Naked Security. When he’s not writing he hikes, bikes, golfs, and plays bluegrass music. Follow him on Twitter @tarmerding2.


Posts by Taylor Armerding:

 

How to champion security in DevOps

Making the shift from DevOps to DevSecOps requires better communication, which you can help your teams accomplish with security training and enablement.

Posted in Agile, CI/CD & DevOps, Application Security

 

How DevSecOps done right makes application security easier

How do you integrate application security into DevOps? By enabling your developers to address security issues with automation, integration, and training.

Posted in Agile, CI/CD & DevOps, Application Security

 

Security bugs and flaws: Both bad, but in different ways

Security flaws are different from bugs, but they endanger the security of applications and systems just the same. Here’s how to find and fix design flaws.

Posted in Software Architecture & Design

 

Drop the knife and back away from the AppSec budget

Tempted to cut your application security testing budget to cover shutdown losses? Remember that compromised assets are an even greater existential threat.

Posted in Application Security

 

5 software security courses to boost your skills, even under isolation

We’ve chosen five software security courses to help you and your team members prepare for the future of software development—no matter what it looks like.

Posted in Security Training & Awareness

 

The shift to remote work makes red team testing more important than ever

Closing your office cuts off several attack vectors—but remote working creates thousands more. Here’s why a red team assessment is so essential right now.

Posted in Data Breach Security

 

What the open source community can teach the suddenly remote workforce

Productive remote teamwork is possible. Just ask the open source community, which has been doing it for years. Here are some top tips for working remotely.

Posted in Developer Enablement

 

DevSecOps success takes people, not just technology

Want DevSecOps? Here are some tips to get your development, security, and operations teams communicating effectively and working toward a single purpose.

Posted in Agile, CI/CD & DevOps

 

How to deal with legacy vulnerabilities

Are you releasing software with legacy vulnerabilities that you put aside to address later but forgot about—or that you didn’t even know were in your code?

Posted in Application Security, Open Source Security

 

What is security debt, and how do I get out of it?

Security debt refers to the accumulation of vulnerabilities in your software that make it harder to protect your data and systems. How do you get rid of it?

Posted in Application Security