How does it work, and why is it important? If you have paid attention to supply chain security in 2021, you've likely heard a lot about Sigstore. If you are still not sure exactly what...
Continue Reading
How does it work, and why is it important? If you have paid attention to supply chain security in 2021, you've likely heard a lot about Sigstore. If you are still not sure exactly what...
Continue Reading
This article was originally appeared on TechBeacon.com on February 16, 2021. You can access it here. If you have not yet seen the Threat Modeling Manifesto, then you’re missing out. The...
Continue Reading
This article was originally appeared on at TechBeacon.com on January 6, 2021. You can access it here. Will DevOps and DevSecOps still be relevant in 50 years? Today's DevOps technology...
Continue Reading
“We don’t need security.” With our modern dependence on technology and security, nobody would dare to make this statement. Everyone knows how crucial security is and how it must be...
Continue Reading
How do you incentivize people to participate in your security program? Are you using a carrot or a stick? Security rewards and recognition are crucial for the success of your security belt...
Continue Reading
This post is a result of a conversation on the Application Security Podcast. Adam Shostack joined Robert and me, and the topic was remote threat modeling. We’re all living in this new...
Continue Reading
Developers are everywhere because software is everywhere. Try to think of an organization that doesn’t employ at least a few developers to maintain their code. The challenge with...
Continue Reading
Changing security culture appears straightforward at first glance: You tell people to do things differently than before, and then stand back and wait for lower vulnerability counts and...
Continue Reading
Every application security and SecOps organization needs to connect people under the banner of security. The security of any organization is only as strong as its people, and people thrive...
Continue Reading
