DevSecOps

Veracode Research Reveals Steps to Reduce Introduction and Accumulation of Security Flaws as Apps Grow and Age

Over 30 Percent of Applications Contain Flaws at First Scan; By Five Years, Nearly 70 Percent of Apps Have At Least One Flaw. Scanning via API, Hands-on Security Training, and Scan Frequency Identified as Key Factors to Reduce Flaw Introduction Over Time.

Using DevSecOps to Improve Your Vulnerability Management Program

The basic idea behind DevSecOps is to introduce security as early as possible in the software development life cycle (SDLC). At the same time, the model can lead to increased collaboration between development and security teams as part of the effort to integrate security into the SDLC. In other words, DevSecOps provides an excellent foundation for an effective vulnerability management strategy.

Ridgeline Founder Stories: Rusty Cumpston and Jon Geater of RKVST aim to weave trust into digital supply chains

Rusty Cumpston and Jon Geater saw an opportunity to solve a huge supply chain trust problem and were inspired to build RKVST (pronounced as “archivist”), a platform aiming to bring integrity, transparency, and trust to digital supply chains. RKVST enables all partners in the supply chain to collaborate and work with a single source of truth, which can be helpful for tracking nuclear waste, storing historical flight data to optimize aircraft flight plans, and much more.

In Modern AppSec, DevSecOps Demands Cultural Change

This is the final part of a six-part blog series that highlights findings from a new Mend white paper, Five Principles of Modern Application Security Programs. When thinking of adjectives to describe cyberattackers, it’s doubtful that many people would choose to call them innovative – a term we’re more likely to ascribe to things we enjoy. But the reality is that adversaries are innovative, constantly finding new ways to launch attacks that result in greater rewards for less effort.

Why tool consolidation matters for developer security

With threats to cloud native applications rising, security leaders feel more pressure than ever to counter an ever-changing risk landscape. But thanks to a rapidly expanding security solutions market, many respond to these growing demands by adding more products. With so many new tools arising to tackle security challenges, it sometimes seems like the right answer is always “one tool out of reach”.

DevSecOps: The What, Why, Who, and How

By way of a brief introduction, I have had a 25+ year career in technology, and this has come with some wonderful experiences and opportunities along the way. One constant throughout my journey has been a need to increasingly leverage data, enabling informed decisions (even automated) at all levels to ensure: secure, high performing and observable products and services are available to the customers and partners I’ve been supporting.

Hackathon! How can blockchain solve supply chain visibility challenges?

PA Consulting recently joined forces with RKVST to host a Hackathon, looking to identify new and innovative propositions for digital supply chains. Could the teams of PA consultants and analysts identify opportunities to help their clients using RKVST technology? Short answer: YES! Many of today’s business challenges can be addressed with a reliable evidence ledger. If you want the long answer, read on.