Security Journey Blog
Here you’ll find the latest news, information, and trends in application security and compliance, plus tips and strategies for writing safer code and building a security culture.
What The National Cyber Strategy Means For You 
The new National Cyber Strategy from the Biden administration aims to strengthen the nation's cybersecurity and protect against cyber threats. The strategy places greater emphasis on cybersecurity, with increased regulation, collaboration, and funding for cybersecurity initiatives.
How to Measure the ROI of Application Security Training
We are currently in an application security dilemma that stems from growing security concerns, pressure on development teams, and a lack of structured security training.
Learn About ‘Security Journey News’
[SiliconANGLE] White House Publishes New National Cybersecurity Strategy
This article was written by Maria Deutscher for SiliconANGLE. The White House has released a national cybersecurity strategy that seeks to make the digital ecosystem more resilient against hacking campaigns.
[Hackernoon] ChatGPT Will Change Cybersecurity…but How?
This article was written by John Campbell for HackerNoon. ChatGPT, OpenAI's impressive chatbot, has fueled a leap in the global understanding of the potential of artificial intelligence (AI).
[Dark Reading] 'New Class of Bugs' in Apple Devices Opens the Door to Complete Takeover
This article was written by Nate Nelson for Dark Reading. With the right kind of exploit, there's hardly any function, app, or bit of data an attacker couldn't access on your Mac, iPad, or iPhone.
[Help Net Security] Establishing Secure Habits for Software Development in 2023
This article was written by Amy Baker for Help Net Security. As a new year commences, it’s not unusual for people to take the opportunity to adopt better practices and principles and embrace new ways of thinking in both their personal and professional lives.
[DEVOPS Digest] Is the Developer the Forgotten Non-Malicious Insider Threat?
This article was written by John Campbell for DEVOPS Digest. Gartner named software supply chain attacks the second biggest threat for 2022 and predicted that 45% of organizations will have experienced one or more software supply chain attacks by 2025.
[Help Net Security] Trained Developers Get Rid Of More Vulnerabilities Than Code Scanning Tools
This article was originally written for Help Net Security. Researchers also found that as many as 70% of organizations are missing critical security steps in their software development lifecycle (SDLC), highlighting a struggle with a ‘shift-left’ approach.
[VMblog.com] Security Journey 2023 Predictions: A Greater Focus on Application Security
This article was originally written by Amy Baker for VMblog.com. Given the incredibly competitive and challenging economic environment, we are seeing a continuous investment across organizations into application development in the race to win market share.
[datanami] Feds Boost Cyber Spending as Security Threats to Data Proliferate
Originally posted by Alex Woodie from datanami. Cybercriminals are exploiting vulnerabilities in Web applications, which are up 210% over the past few years.
[Security Journal Americas] A Look at AppSec Education for 2023
This article was written by Victoria Rees for Security Journal Americas. Amy Baker, Security Education Evangelist, Security Journey discusses the trends and challenges for the software development industry in 2023.
[Security Boulevard] Moving Beyond Security Awareness to Security Education
This article was written by Sue Poremba for Security Boulevard. While security awareness training is helpful to assist employees in recognizing threats, phishing and social engineering attacks are successful enough that it is clear that awareness training alone isn’t enough.
[Reversing Labs] GitHub Repojacking Attack: 10 Lessons for Software Teams
This article was written by John P. Mello Jr. for Reversing Labs. Software supply chain attacks are on the rise because of their reach. Here are 10 valuable lessons from the recent GitHub namespace attack.