Explore 10 critical cloud security threats: data breaches, human error, data loss, insider threats, DDoS attacks, insecure APIs, exploits, account hijacking, APTs, and CPU flaws.
Over the past ten years, we’ve studied dozens of security activities performed by real-life firms to measure the software security practices used in organizations of different sizes, in different verticals, and at different levels of maturity. Quantifying these practices in the Building Security In Maturity Model (BSIMM) allows us to describe the common areas shared […]
The Internet of Things is all around us. But it doesn’t stop there—now it’s inside us too. As the era of “connected everything” explodes, so does the use of network-connected medical devices. These interconnected devices, ranging from hospital imaging equipment to implantable pacemakers to infusion pumps, help healthcare providers and patients in a variety of […]
Wading through the alphabet soup of application security testing tools: A guide to SAST, IAST, DAST, and RASP
Every application security testing tool—SAST, IAST, DAST, and RASP—has its distinct advantages, but you’ll get the best results when you use them together.
At Infosecurity Europe in June, we surveyed 275 attendees who visited our booth to get the pulse of InfoSec concerns in Europe today. We were delighted to learn that 90% of their organizations had a formal application security process in place, using a dedicated internal application security team or initiative, third-party providers, or a combination […]
We took the opportunity at RSA Conference last month to survey our booth visitors about their organizations’ application security programs. We’ve sponsored and conducted a number of surveys on topics ranging from DevSecOps to open source security to medical device security, but there’s something about collecting feedback from conference attendees in person that really hits home—a […]
We audited 1,100 codebases in 2017 for open source components, vulnerabilities, and licenses. Here are some highlights from the 2018 OSSRA report.
We asked 350 enterprise IT professionals about real-world practices in application security, DevOps, and CI/CD. See highlights in our DevSecOps infographic.
As application development teams are pressured to deliver software faster than ever, containers offer clear advantages. Docker debuted to the public in 2013, and since then there have been over 29 billion Docker container downloads. Benefits of containerization: 66% of organizations adopting containers experienced accelerated developer efficiency; 75% of companies achieved an increase in application […]
Where does software security really fit into your firm? We recently decided to conduct a study to find out. Gathering data in a series of in-person interviews with 25 chief information security officers (CISOs), our aim was to understand their strategies and approaches. The 2018 CISO Report presents the research findings. From the findings, […]
Posted in Infographic | Comments Off on What do the 4 CISO tribes say about software security in your firm?