A Timeline of the SolarWinds Hack: What We’ve Learned

Here's a timeline of the major events in the SUNBURST attack, followed by recommendations for organizations to protect against supply-chain threats.

Virtual CISO: Leveraging External Security Expertise

Organizations that lack the budget for a CISO are increasingly turning to an outsourced solution: the virtual CISO, or vCISO. Let’s look at what a vCISO does and how one can benefit small and medium-sized businesses.

Secure Remote Access: Keeping Employees and the Organization Safe

In this age of lockdowns, social distancing and working from home, organizations must think carefully about how to extend their networks and services across the internet and into employees’ and contractors’ homes.

6 Threats to Development Team Productivity

Productivity rates are critical to success in any industry. That is true of software products, too, which need not only to be produced efficiently but also to be secure from cyberattacks.

Rethinking Application Security in a Post-Pandemic World

Without a doubt, the COVID-19 pandemic has had a massive impact on the financial services landscape.

Low-Hanging Fruit: The Top 8 Cybersecurity Vulnerabilities in Enterprise Software

Learning about the most common security gaps found in software, why those gaps really matter, and how to close them can make you less likely to be the next big victim.

Which App Security & Quality Analytics Should You Be Tracking?

As management expert Peter Drucker once put it: "If you can't measure it, you can't improve it." This quote feels right at home in the world of application security.

The Role of SAST in DevSecOps

As DevSecOps continuously pushes security "to the left" in the software development process, autonomous assessment can provide assurance of security compliance from development’s earliest stages.

OpenSSF Takes a Collaborative Approach to Open Source Security

To help make open source software more secure, the Linux Foundation has announced a cross-industry collaboration with open source leaders including GitHub, Google, IBM, JP Morgan Chase, Microsoft, Red Hat, the OWASP Foundation, and others.

Introduction to Cyber Threat Intelligence

Published November 11, 2020

Simply put, threat intelligence – also known as cyber threat intelligence, or CTI – is information that is collected, analyzed, organized, and refined to provide insight, input, and advice about potential and current security threats or attacks that could pose potential or actual risks to an organization.

Understanding OWASP ASVS

Here is a brief backgrounder on OWASP and a closer look at the ASVS, with special emphasis on what it does and why it’s important for application security.

Kiuwan Shines in the Fall 2020 G2 Grid Report

We’re excited to announce that Kiuwan Code Security and Insights solutions have been recognized in the Fall 2020 G2 Grid Report for Static Code Analysis, due in large part to an overall customer satisfaction rating of 4.4 out of 5.

What Makes Firmware Vulnerabilities So Deadly?

If an attacker can foist a firmware or microcode exploit, there’s very little runtime software can do to counter (or even detect) its presence and behaviors.

8 Tips for Mobile App Security

In the first half of 2019, data breaches affected around 4.1 billion records. 3 out of 4 mobile apps leak sensitive data that expose users to fraud and identity theft.

October is Cybersecurity Awareness Month

October is Cybersecurity Awareness Month. The theme for 2020, "Do Your Part," encourages individuals to take a proactive approach to improving security.