The Biden administration has unveiled its new national cybersecurity strategy, detailing top challenges facing the U.S. and plans for addressing them. Goals include minimum security requirements for critical infrastructure sector organizations and liability for poor software development practices.
An eleven-day outage, prior to his joining as CIO at the United States Patent and Trademark Office, was the turning point for Jamie Holcombe to not only reset the culture and mindset but also align technology teams with business product teams to optimize the latter for better outcomes and experiences.
APIs represent the best and worst of times - "massive amounts of business value, but massive amounts of unmitigated risk," says Richard Bird, CSO, Traceable AI. In the past year, misconfigured or error-prone APIs resulted in high-profile breaches at Twitter and T-Mobile. He sees more on the horizon.
Organizations must grapple with software development happening at a faster pace than ever as well as an exponential increase in attacks on the software layer. Contrast Security has therefore developed new technology to secure code that's deployed quickly to the cloud, CEO Alan Naumann says.
With rising customer expectations and increasing threats along with fast moving technology, today every company is a technology company - with security, availability, reliability, performance, and scalability their key concerns.
Organizations today need to scale applications and manage more traffic, address...
Snyk hauled in nearly $200 million just weeks after laying off 198 employees but had to slash its valuation by $1.1 billion to seal the deal. The company intends to use the Series G proceeds to enhance and expand its developer security platform through both organic investments and acquisitions.
Software has increasingly relied on components developed by third parties or from open-source libraries, which Aqua Security CEO Dror Davidoff says injects additional risk. On-premises environments are still managed in more traditional ways, with the development and production phases totally siloed.
Kalpesh Doshi has come a long way in cybersecurity. When he started out, some people mistakenly thought he was a security guard. Today, he has two decades of experience in information security, security audits, risk management and data protection, regulations, global standards and compliance.
Resiliency is a core topic in OWASP's Mobile Application Security Verification Standard. What's key context to know? Dan Shugrue of Digital.ai discusses how to deepen a DevSecOps program by training developers in code obfuscation, anti-tamper, RASP and monitoring.
Software life cycle management has always been part of the development team, but organizations are now looking to extend the process beyond the development team to manage the entire supply chain, says Nahas Mohammed, regional sales director at GitHub India.
DevSecOps is about security enablement at every stage within the organization - the people, process and technology. To begin the DevSecOps journey, organizations should enable and empower technology teams to think about secure design first, says GitHub's Hatim Matiwala.
Palo Alto Networks will make its first major acquisition in nearly two years, scooping up application security startup Cider Security for $250 million. The Silicon Valley-based platform security behemoth will fork over $194.6 million of cash as well as $55.4 million of replacement equity for Cider.
The traditional application development model that puts security checks at the end of the process creates needless friction that slows down organizations, says Snyk solutions engineer Matt Mintzer. Application security specialists need to build tracks rather than guardrails for development, he says.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing cio.inc, you agree to our use of cookies.
