Taylor Armerding is an award-winning journalist who left the declining field of mainstream newspapers in 2011 to write in the explosively expanding field of information security. He has previously written for CSO Online and the Sophos blog Naked Security. When he’s not writing he hikes, bikes, golfs, and plays bluegrass music. Follow him on Twitter @tarmerding2.
Want DevSecOps? Here are some tips to get your development, security, and operations teams communicating effectively and working toward a single purpose.
Posted in Agile, CI/CD & DevOps | Comments Off on DevSecOps success takes people, not just technology
Are you releasing software with legacy vulnerabilities that you put aside to address later but forgot about—or that you didn’t even know were in your code?
Posted in Application Security, Open Source Security | Comments Off on How to deal with legacy vulnerabilities
Security debt refers to the accumulation of vulnerabilities in your software that make it harder to protect your data and systems. How do you get rid of it?
Posted in Application Security | Comments Off on What is security debt, and how do I get out of it?
Developers have no time for your complex security processes. Making application security simple means focusing on essentials and cutting through the noise.
Posted in Application Security, Developer Enablement | Comments Off on Thoreau’s ‘simplify’ exhortation hovers over RSA
How do you encourage people to do something? Make it easy. Developers too will adopt application security practices, if you make them easy. Here’s how.
Posted in Application Security, Developer Enablement | Comments Off on At RSA: The road to better security is to make it easier
Organizations that postpone remediating security issues, or just ignore them, are playing a risky game. But DevSecOps can help reduce your security debt.
Posted in Agile, CI/CD & DevOps | Comments Off on Start paying down your ‘security debt’ with DevSecOps
Better IoT security requires a change in consumer culture and habits. But manufacturers should be doing more as well, with better guidance from government.
Posted in IoT Security | Comments Off on Experts: Better IoT security depends on changes in culture, habits
How do you comply with privacy laws that haven’t even been enacted yet? Start by securing your software and systems against cyber attacks and data breach.
Posted in Data Breach Security, Software Compliance, Quality & Standards, Software Security Program | Comments Off on Want to comply with privacy laws? Start with security
The downward trend in organizations passing PCI DSS interim security testing is worrying. PCI DSS compliance requires security every day, not once a year.
Posted in Financial Cyber Security | Comments Off on PCI DSS compliance isn’t security, but security can boost compliance
On National Data Privacy Day, we find little has changed in what numerous privacy advocates and experts have called “the golden age of surveillance.”
Posted in Software Compliance, Quality & Standards | Comments Off on Privacy still eroding on National Data Privacy Day
