Your risk-management strategy needs to change at the pace of business. Here are some new ways to think about and approach the issue.
DevOps and static security testing are not ideal partners. Paring down the test set using machine learning, however, can help. Here are key tips.
Layered security only works if the layers are, y'know, secure.
OWASP's Proactive Controls help build secure software, but motivating developers to write secure code can be challenging.
Tackling the security policy-to-execution gap requires integrating security, risk, and workflows. Here's how to get started.
The best way to deal with both rattlesnakes and security breaches is to avoid them to begin with. Security automation can be a great help here.
Testing cryptographic-enabled apps is difficult—and getting harder. Here's one key tip: Don't write your own cryptographic software!
Hobbs, Kerckhoffs and Shannon were right: Security by obscurity is no security at all.
A web application firewall is your first layer of defense. It's open source, free, and enables virtual patching. Here's how to make it manageable.
Insider threats are getting worse. Will AI and machine learning be able to help?