Why Your Vulnerability Backlog Will Never Shrink (and What to Do Instead) For most organizations, the vulnerability backlog has become a permanent fixture of software development. Thousands of issues sit unresolved across code, containers, dependencies, and...
Risk-Based Vulnerability Management (RBVM) is a security strategy that aligns the risk profile of an organization with its remediation efforts in application security. It is designed to ensure that an organization's resources are utilized efficiently and effectively...
What is Vulnerability Management? Vulnerability management is the traditional core of an Application Security strategy. It is not just enough to scan, you have to aggregate and prioritize the results. As 2/3 of organizations use at least 11-20 application security...
Now that you understand Application Security Posture Management is the backbone of any application security and DevSecOps program, it’s time to start to build your deployment strategy. Don’t worry – you don’t have to boil the ocean to start to see the hard ROI in 1-3...
It was a pleasure to return to the Gartner Security & Risk Management summit this year. Like the other attendees, I enjoyed the chance to not just reconnect with the community, but take a deep dive into the top of mind security initiatives and trends. It was also...
Today, application security is more important than ever. Security risks and threats are constantly evolving, and organizations need to be able to quickly identify, prioritize, and mitigate them in order to stay ahead of the game. Application Security Posture...
Everyday, CISOs and Engineering VPs are prioritizing their organizations’ tasks into lists: the must-dos, the need-to-dos, and the can-be-done-laters (or not at all). They use a variety of considerations in this exercise: business goals, risk management, resource...
Regardless of the size of an organization, cybersecurity is a requirement for anyone in the software business or tech industry. Sure there are a lot of cybersecurity platforms out there but Wabbi is unique in that it protects a software company’s IP, its team, and its...
We live in a world powered by software - and AppSec is everything but necessary from day 1. It’s vital for developers and operations security teams to integrate AppSec from the beginning of the development lifecycle. Recent research has shown 98% of companies believe...
In a perfect development world, security is an integral part of the process and is integrated into the complete software development cycle. With practicing this approach, development teams implement security protocols and have a clear understanding of policies and...
Way back in the day a long, long time ago DevSecOps began in 1976 and that began with a paper written that described the eleven attributes of quality. A lot of these concepts were very forward thinking. Now, you didn’t see a lot of security in the 70’s and there...
Every company today is a software company and as such we’re all facing security risk and same cybersecurity challenges. With 9 of 10 breaches occurring due to a software vulnerability, incidents like Solarwinds and Log4j have demonstrated that implementing basic...
The term “DevSecOps” has been on the rise in recent years, popularizing the idea that security needs to be included in the overall software development lifecycle. But with all this talk about DevSecOps comes a big question: does tacking on security tools and...
From your local cafe to Starbucks, every company today is a software company – it’s just the output that differs. Whether your end product is coffee or a DevOps solution, we’re all facing the same challenges when it comes to cybersecurity. Incidents like Solarwinds...
Gone are the days when organizations could implement basic cybersecurity measures and assume they wouldn’t be necessary. In fact, cybercrime damages are now predicted to reach $10.5 trillion annually by 2025 - an indication of just how far reaching and severe...
The recent Log4j vulnerability, which Cybersecurity and Infrastructure Security Agency (CISA) Director Jen Easterly called “the most serious vulnerability I have seen in my decades-long career,” forced many Security and Development teams to work through the holidays...
When was the last time you had to buy a new car? Some enjoy the haggling while others hate it, but if you want to maximize your ability to negotiate on price you’ll need to review the car’s models and options. For any given car, automakers generally present you with...
A decade ago, Marc Andreessen declared software was eating the world. And he was right. Name something we do that isn't powered by software today - from the phones in our hands to the gas in our cars, and the meat on our tables. So, what's next in our software-powered...
DevSecOps has been a buzzword for a while now, but there is still debate about the right way to approach it in practice. Especially among development teams, there is constant noise around the definition of DevSecOps and what it really means for an organization. Let’s...
I was recently asked how Wabbi's federal strategy is different from our commercial strategy. The answer is that it’s not. Both have teams look to ship software rapidly as a competitive advantage and understand security is a bottleneck when not deployed correctly. In...
This is the first blog in a short series on exploring the challenges with software development through a security-first perspective.The importance of Application Security continues to advance in broader awareness as 42% of organizations that had experienced an...
You can argue that SecDevOps is an approach as old as time - or rather, DevOps – after all, it was Security that was the instigator of the problems in the Phoenix Project. However, it has come into focus in the last 5 years as 17% of companies had fully embraced...
Vulnerabilities are all around us. This has always been the case, but since the novel coronavirus (COVID-19) led to massive global changes, small vulnerabilities have led to major disruptions in businesses of all sizes - a problem that won’t disappear anytime soon:...
While SecDevOps – the integration of Security into Development processes - has grown in prominence as an extension of the broader DevSecOps movement, despite recognizing the use of better integrated and automated application security as a top 3 priority, companies...
This post is the fourth in a five-part series where we’ll be digging into why SecDevOps enables every department in an enterprise – not just Security and Development – to do their job better. The favorite phrase of security teams today is that “Security is...