As the importance of Application Security has grown, so has the confusion around how to successfully maintain the complete application security lifecycle – not to mention stay up to date with the alphabet soup of acronyms we must contend with. Consequently, as...
Latest News
Continuous Security
DevSecOps: Why it needs to be in every SDLC
In a perfect development world, security is an integral part of the process and is integrated into the complete software development cycle. By practicing this approach, development teams implement security protocols and have a clear understanding of policies and...
The History of DevSecOps and Beyond
Way back in the day, a long, long time ago, DevSecOps began in 1976 with a paper that described the eleven attributes of quality. A lot of these concepts were very forward thinking. Now, you didn’t see a lot of security in the ’70s and there...
Security Risk Equals Business Risk
Every company today is a software company, and as such we’re all facing security risk and the same cybersecurity challenges. With 9 of 10 breaches occurring due to a software vulnerability, incidents like SolarWinds and Log4j have demonstrated that implementing basic...
What is Continuous Security?
The term “DevSecOps” has been on the rise in recent years, popularizing the idea that security needs to be included in the overall software development lifecycle. But with all this talk about DevSecOps comes a big question: does tacking on security tools and...
Why Continuous Security is the Solution to Everyone’s Problems
From your local cafe to Starbucks, every company today is a software company – it’s just the output that differs. Whether your end product is coffee or a DevOps solution, we’re all facing the same challenges when it comes to cybersecurity. Incidents like SolarWinds...
Stopping the Log4j Bleed: Why Mature Security Processes Include a SBOM
Gone are the days when organizations could implement basic cybersecurity measures and assume they wouldn’t be necessary. In fact, cybercrime damages are now predicted to reach $10.5 trillion annually by 2025 - an indication of just how far-reaching and severe...
Why Log4j is a Lesson in Prioritization
The recent Log4j vulnerability, which Cybersecurity and Infrastructure Security Agency (CISA) Director Jen Easterly called “the most serious vulnerability I have seen in my decades-long career,” forced many Security and Development teams to work through the holidays...
Stop Treating Security like Leather Seats
When was the last time you had to buy a new car? Some enjoy the haggling while others hate it, but if you want to maximize your ability to negotiate on price you’ll need to review the car’s models and options. For any given car, automakers generally present you with...
Application Security is Eating Security…and Wabbi is Powering It.
A decade ago, Marc Andreessen declared software was eating the world. And he was right. Name something we do that isn't powered by software today - from the phones in our hands to the gas in our cars, and the meat on our tables. So, what's next in our software-powered...
Why SecDevOps Is This Season’s Buzzword
DevSecOps has been a buzzword for a while now, but there is still debate about the right way to approach it in practice. Especially among development teams, there is constant noise around the definition of DevSecOps and what it really means for an organization. Let’s...
Why Federal?
I was recently asked how Wabbi's federal strategy is different from our commercial strategy. The answer is that it’s not. Both have teams that look to ship software rapidly as a competitive advantage and understand security is a bottleneck when not deployed correctly. In...
Cutting Through the DevSecOps Noise
This is the first blog in a short series on exploring the challenges with software development through a security-first perspective. The importance of Application Security continues to advance in broader awareness as 42% of organizations that had experienced an...
Begin Your Security Integration Into DevOps Today
You can argue that SecDevOps is an approach as old as time - or rather, DevOps – after all, it was Security that was the instigator of the problems in the Phoenix Project. However, it has come into focus in the last 5 years as 17% of companies had fully embraced...
Accelerating Vulnerability Management through SecDevOps
Vulnerabilities are all around us. This has always been the case, but since the novel coronavirus (COVID-19) led to massive global changes, small vulnerabilities have led to major disruptions in businesses of all sizes - a problem that won’t disappear anytime soon:...
Remote Work: The Breakthrough Moment for SecDevOps
While SecDevOps – the integration of Security into Development processes - has grown in prominence as an extension of the broader DevSecOps movement, despite recognizing the use of better integrated and automated application security as a top 3 priority, companies...
Why Your Marketing Team Wants SecDevOps
This post is the fourth in a five-part series where we’ll be digging into why SecDevOps enables every department in an enterprise – not just Security and Development – to do their job better. The favorite phrase of security teams today is that “Security is...
Why Your HR Team Wants SecDevOps
This is the third post of the five-part series of how SecDevOps gives organizations within companies the tools to accomplish their goals. This particular post will look at how a well-implemented SecDevOps program helps HR teams reach their goals. HR functions as the...
Why Your Finance Team Wants SecDevOps
This post is the second in a five-part series where we’ll be digging into why SecDevOps enables every department in an enterprise – not just Security and Development - to do their job better. The favorite phrase of security teams today is that “Security is...
Why Your Sales Team Wants SecDevOps
This post is the first in a five-part series where we’ll be digging into why SecDevOps enables every department in an enterprise – not just Security and Development - to do their job better. The favorite phrase of security teams today is that “Security is everybody’s...
What is an Application Security Policy?
Now more than ever, cybersecurity is top of mind for every business unit – and Development is no exception. In the post-Equifax breach world, we understand that good Application Security isn’t just about tools, but about the processes that deliver the right...
Rome Wasn’t Built in a Day…
and Neither is Your SecDevOps
As digital transformation has accelerated in the last decade, software development strategy has undergone its greatest transformation since software development became commercialized. DevOps emerged to meet market needs faster, but then DevOps teams found that...
Getting Started with SecDevOps:
The What, The How, and the Why
Here’s the problem. The world is full of bad people. The world is also full of bad (let’s call it imperfect) security. Put those two facts together and you quickly realize why a computing device gets attacked, on average, every 39 seconds. In the time it takes you to...
Wabi-Sabi Your SecDevOps
What is Wabi-Sabi? Wabi-Sabi is a Japanese philosophy of understanding and embracing the fact that the world is imperfect, never finished, and won’t last forever. It is a concept that can be applied to the everyday, allowing people to appreciate things for the way...
What is SecDevOps?
With 9 out of 10 breaches beginning with defects in code, it's no wonder that companies have rushed to incorporate security into their development pipelines. And with that rush has come a whole new industry – DevSecOps – and the jargon to go with it. What are some...
Wabbi Sits Down with Underscore.vc
As part of their blog series, “Preparing for Lift-Off: 11 Founders Launching Bold New Startups,” Wabbi Founder & CEO Brittany Greenfield sat down with Underscore.vc to discuss Wabbi’s founding story and some of the lessons she learned along the way. A seasoned...