Mainframe March 28, 2022

Low-Code Is Easy, But Is It Secure?

4 min read - Low-code and no-code solutions are awesome. Why? With limited or no programming experience, you can quickly create software using a visual dashboard. This amounts to huge time and money savings. But with all this software out there, security experts worry…

Software Vulnerabilities November 9, 2021

A New Cybersecurity Executive Order Puts the Heat on Critical Infrastructure Suppliers

3 min read - Ransomware. Five years ago, the cybersecurity community knew that term well, although among others it was far from dinner table conversation. Times have changed. Since early 2020, ransomware has hit a slew of headlines. People inside and outside of the…

Application Security October 27, 2021

Why Containers in the Cloud Can Be An Attacker’s Paradise

4 min read - Containers — which are lightweight software packages that include entire runtime environments — have solved the issues of portability, compatibility and rapid, controlled deployment. Containers include an application; all its dependencies, libraries and other binaries; and configuration files needed to…

Risk Management October 8, 2021

The Case for Cybersecurity Education for Engineers

2 min read - Engineering and cybersecurity are two distinct disciplines, each demanding its own rigorous education and training. But should there be crossover? Should engineers or engineering students invest in cybersecurity education as well? What are the opportunities for engineers to gain expertise…

Mobile Security July 13, 2021

What Is Domain-Driven Design?

4 min read - In the ever-growing software ecosystem, successful products need to have great performance, security, maintainability and usability. For the people who deliver those products, quality assurance, time to market and cost matter most. They sometimes push security-related tasks to the side.…

Software Vulnerabilities April 7, 2021

Using the Threat Modeling Manifesto to Get Your Team Going

5 min read - Secure software development requires a ‘shift left’ — paying attention to security and privacy early in the life cycle. Threat modeling is a very useful activity for achieving this goal, but for a variety of reasons, organizations struggle to introduce…

CISO March 30, 2021

Risk Management, C-Suite Shifts & Next-Gen Text Scams: Your March 2021 Security Intelligence Roundup

2 min read - This month in digital security, scam text messages may seem like an easy attack to dodge, but they’re getting smarter. Meanwhile, chief information security officers are wearing lots of hats. And, is it really possible to ‘future proof’ anything? The…

Application Security March 1, 2021

Developers vs. Security: Who is Responsible for Application Security?

6 min read - Call it the blame game or just a vicious circle. The long-standing tension between developers and IT security experts is not easing anytime soon. Each side blames the other for security risks in application security and other areas, but digital…

Artificial Intelligence January 29, 2020

Why 2020 Will Be the Year Artificial Intelligence Stops Being Optional for Security

4 min read - Artificial intelligence is being built into security tools and services of all kinds, so it's time to change our thinking around AI's role in enterprise security.

Application Security January 24, 2020

Scaling Security in Software Development: The Art of Possible

5 min read - What are the options for an organization that wants to take security in software development seriously? Here's what to know.