Synopsys stands head and shoulders above the competition in Gartner's application security testing rankings, with Snyk rising and HCL Software falling from the leaders category. Longtime app security players Veracode, Checkmarx and OpenText joined Synopsys and Snyk atop the Gartner Magic Quadrant.
The "shift left" movement puts "unrealistic" expectations on developers, said Gayatri Prakash, vice president and general manager of compliance at CloudBees. She said installing new tools to manage various parts of the SDLC is not necessarily "going to solve our problem for security."
Snyk has executed its third round of layoffs since June 2022, axing 128 workers amid projections of challenging market conditions persisting into early 2024. The Boston-based application security vendor revealed Thursday plans to reduce its more than 1,200-person staff by an estimated 11%.
Supply chain attacks have evolved from exploiting organizations with unpatched vulnerabilities in open-source libraries to proactively injecting malicious code into a victim's IT environment, according to Janet Worthington, senior analyst at Forrester.
For the first time in its 17-year history, application security vendor Checkmarx will have a new leader. The company has tapped Sandeep Johri, the longtime chief executive at software testing vendor Tricentis, to serve as its new CEO less than two years after being acquired by Hellman & Friedman.
Security practitioners are putting cognitive psychology and customer experience at the forefront of new product development in a push for usability, says Trusona's Kevin Goldman. Getting user experience designers familiar with products allows them to speak meaningfully with the security team.
Palo Alto Networks will make its first major acquisition in nearly two years, scooping up application security startup Cider Security for $250 million. The Silicon Valley-based platform security behemoth will fork over $194.6 million of cash as well as $55.4 million of replacement equity for Cider.
President and CEO Sudhakar Ramakrishna says SolarWinds has done massive work implementing security into the build process since the company was hacked in late 2020. Testing, validating and qualifying the integrity of the company's source code has required significant effort, Ramakrishna tells ISMG.
Sonatype’s eighth annual State of the Software Supply Chain Report blends a broad set of public and proprietary data and analysis, including dependency update patterns for more than 131 billion Maven Central downloads and thousands of open source projects, survey results from 662 engineering professionals, and the...
DevSecOps has been described as part strategy, part toolkit, part training and part cultural shift.
However, there’s no universal playbook on how to implement DevSecOps, and there can be conflict between DevOps prioritizing speed to market, functionality and revenue generation, versus SecOps striving to eliminate...
The U.S. OMB recently released its latest deliverable as part of President Biden's cybersecurity executive order. Former federal CISO Grant Schneider discusses this guidance and shares best practices for agencies and organizations to improve the security of their software supply chain.
Have you noticed that there's a cultural gap between software developers and application security practitioners? This gap can challenge application security maturation within the Software Development Lifecycle (SDLC).
We'll examine how you can stimulate cultural change to mature your software development group,...
The SolarWinds supply chain compromise has raised questions over how to detect software that has been tainted during the vendor's development and build process. A concept called verified reproducible builds could help, says David Wheeler of the Linux Foundation.