Sonatype, Snyk and Black Duck remained atop Forrester's software composition analysis rankings as commoditization of core features has led to increased competition. Pressure in the market has increased due to both a saturation of core functionalities and license identification.
Melina Scotto Mastin, an accomplished CISO and CyberEdBoard member, shared how her journey from network engineering to CISO shaped her leadership style. She emphasized collaborative cybersecurity approaches, advocating for “shift-left” practices that integrate security early in projects.
Sonar has integrated Structure 101's design expertise into its platform, enhancing code architecture and reducing dependency issues. This update helps developers streamline workflows and minimize long-term software evolution costs, ensuring good code management across multiple programming languages.
Amy Herzog, chief information security officer for Ads and Devices at Amazon, shares how her cybersecurity team accelerates product development by integrating security from the start to secure customer data on popular consumer devices such as Ring and Alexa.
After high-profile security incidents, Microsoft has dedicated 34,000 engineers to advancing security across all platforms, focusing on identity protection and rapid response. The company is embedding security into product development and governance frameworks to mitigate growing cyberthreats.
APIs are the connections that make digital business happen. Companies on average rely on more than 15,000 APIs, but these interfaces pose security risks. In this "Deep Dive" special report, ISMG's Anna Delaney explores how security leaders are tackling API security.
Trail of Bits' Michael Brown explores the dual challenges of applying AI and ML to cybersecurity and securing these evolving technologies themselves. He discusses the complementary nature of traditional and AI/ML-based approaches and highlights the pressing need for secure development life cycles.
Snyk CEO Peter McKay discusses lessons from the recent CrowdStrike outage, emphasizing the importance of robust development practices, effective communication and the integration of quality and security in modern software development. He also highlights Snyk's role in advancing developer security.
CrowdStrike must enhance testing and validation procedures and address deficiencies in its current quality assurance processes to minimize attrition. CrowdStrike should conduct a technical retrospective to understand the root cause of the faulty software content update and make necessary changes.
Developers are using more and more open-source code because they "want to move fast," said Cycode's Lotem Guy. But the speed of development and the continuous deployment that follows means security teams have to catch up to the fast-moving development life cycle.
Synopsys' Software Integrity Group will become a standalone company under Francisco Partners and Clearlake once the $2.1 billion transaction closes. General Manager Jason Schmitt explains the significance of the acquisition, the carve-out process and future growth strategies.
Malicious actors can use quantum computing to break encryption algorithms and exploit the trust that users place on legitimate applications and websites, and only post-quantum cryptography can defeat the threat and preserve the sanctity of digital communications, said Amit Sinha, CEO, DigiCert.
According to a recent survey, 95% of developers are already using AI as part of their development work. However, for every opportunity there is - there is also a concern.
Join this upcoming webinar to dive into topics relating:
Leading trends around Gen AI, including low-code, and hyperautomation;
Best practices...
As organizations embrace digital transformation, software security challenges have become increasingly complex. Adriana Freitas, director of the European Foundation Anti-Phishing Working Group, offers insights on the imperative role of DevSecOps in modern cybersecurity practices.
The integration of Oxeye into GitLab’s suite marks a significant leap in the accuracy and efficiency of security scans, directly addressing the challenge of false positives in static application security testing and enhancing software security across development stages, according to GitLab.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.co.uk, you agree to our use of cookies.