Your risk-management strategy needs to change at the pace of business. Here are some new ways to think about and approach the issue.
DevOps and static security testing are not ideal partners. Paring down the test set using machine learning, however, can help. Here are key tips.
Involving clients in the dev process not only reduces lead times, but it also improves trust and confidence all around. Here are four ways to do it.
Here's how one company used GitOps as infrastructure-as-code to modernize a three-tier legacy app. There are many benefits to using this approach.
Layered security only works if the layers are, y'know, secure.
Getting buy-in from multiple levels, from execs to peers, is critical. Here's how Spotify went about it, and how self assessment works.
OWASP's Proactive Controls help build secure software but motivating developers to write secure code can be challenging.
Middleware, or integration-as-a-service, is even more important in today's cloud-first environment. Here are the key options to consider.
Tackling the security policy-to-execution gap requires integrating security, risk, and workflows. Here's how to get started.
Blockchain developers are wrestling with complex issues. Their solutions aren't perfect, but they can lead us to rethink our code and systems.

Pages