Supply chain attacks have evolved from exploiting organizations with unpatched vulnerabilities in open-source libraries to proactively injecting malicious code into a victim's IT environment, according to Janet Worthington, senior analyst at Forrester.
For the first time in its 17-year history, application security vendor Checkmarx will have a new leader. The company has tapped Sandeep Johri, the longtime chief executive at software testing vendor Tricentis, to serve as its new CEO less than two years after being acquired by Hellman & Friedman.
Organizations must grapple with software development happening at a faster pace than ever as well as an exponential increase in attacks on the software layer. Contrast Security has therefore developed new technology to secure code that's deployed quickly to the cloud, CEO Alan Naumann says.
The $250 million acquisition of Cider Security will allow Palo Alto Networks to secure a piece of code from development to its implementation in a runtime environment. CEO Nikesh Arora says the company must understand the tool sets and open-source widgets coming into the customer's supply chain.
Palo Alto Networks will make its first major acquisition in nearly two years, scooping up application security startup Cider Security for $250 million. The Silicon Valley-based platform security behemoth will fork over $194.6 million of cash as well as $55.4 million of replacement equity for Cider.
DevSecOps has been described as part strategy, part toolkit, part training and part cultural shift.
However, there’s no universal playbook on how to implement DevSecOps, and there can be conflict between DevOps prioritizing speed to market, functionality and revenue generation, versus SecOps striving to eliminate...
The U.S. Department of Commerce is soliciting input on a Trump administration cybersecurity executive order that requires cloud providers to verify the identities of certain users - particularly cyber actors potentially operating abroad and leveraging U.S. cloud technologies.
Have you noticed that there's a cultural gap between software developers and application security practitioners? This gap can challenge application security maturation within the Software Development Lifecycle (SDLC).
We'll examine how you can stimulate cultural change to mature your software development group,...
A bipartisan group of senators is circulating a draft of a federal breach notification bill that would require federal agencies, federal contractors and businesses that have oversight over critical infrastructure to report significant cyberthreats to CISA within 24 hours of discovery.