Software Integrity Blog

How do you effectively remediate the increasing sea of vulnerabilities?

With applications containing more and more open source, and 40+ open source vulnerabilities disclosed daily, how do you prioritize your remediation efforts?

Apache Struts research at scale, Part 2: Execution environments

During our CVE-2018-11776 research, after building 115 versions of Apache Struts, we had to address the challenges of recreating the execution environments.

How does IAST fit into DevSecOps?

IAST, a new generation of application security testing that bridges the gaps between SAST, DAST, and pen testing, seems to have been made for DevSecOps.

[Webinars] Open source in M&A due diligence, cloud application security

Learn why an open source security review is key in M&A due diligence, and about the impact of cloud environments on application security considerations.

5G: Vast potential, but better security needed

5G security is top of mind for those who recognize that 5G is going to be higher risk. Fuzzing is one of the leading testing techniques for securing 5G.

Thoreau’s ‘simplify’ exhortation hovers over RSA

Developers have no time for your complex security processes. Making application security simple means focusing on essentials and cutting through the noise.

[Webinar] Effective Vulnerability Remediation Requires More Than One Data Point

With advanced policy management and best-in-class vulnerability reports, developers can fix the most critical vulnerabilities quickly and effectively.

At RSA: The road to better security is to make it easier

How do you encourage people to do something? Make it easy. Developers, too, will adopt application security practices if you make them easy. Here’s how.

3 steps to reduce your API and web service risk in M&A due diligence

Learn more about the risk areas related to APIs and web services during due diligence in M&A transactions involving software, and how to reduce each risk.

Code quality and maintenance: Emerging risks of open source use

You know that static analysis can find code quality defects in your proprietary code. But what are you doing to manage your open source code quality risk?