The latest News and Information on Application Security including monitoring, testing, and open source.
If there’s one thing we learned in our years of building AppSec technology, it’s that the best tools in the world are useless if they don’t get used. We know from speaking with our customers and industry research that developers won’t use AppSec tools that make their lives harder. Forcing them into cumbersome processes, or making them switch tools and learn a new user interface, will likely lead to AppSec neglect in favor of hitting development deadlines.
The Food and Drug Administration (FDA) recently implemented new guidance regarding medical device cybersecurity. It’s not a moment too soon, as new cases arise in which healthcare technology is compromised by vulnerabilities that escalate risks, which could threaten patients’ lives. In a recent survey, over 20% of healthcare organizations said that after a cyberattack, their patient mortality rates had risen, and another 57% reported that cyberattacks led to poorer outcomes for patients.
Two new sets of regulations introduced by the European Union (EU) indicate that the public sector is taking increased interest in improving cybersecurity and resilience. The EU is introducing the Digital Operational Resilience Act (DORA) for financial institutions and the Cyber Resilience Act (CRA) for software and hardware providers, both designed to enforce software security and secure delivery of services.
Snyk is known for its developer-first application security solutions for many ecosystems like Java, JavaScript, Python, and more. Snyk enables developers to not only find issues but quickly apply fixes, revolutionizing security and supporting its integration at the earliest stages of the SDLC. In 2022, we released the first round of support for C/C++ open source packages, and today we’re excited to announce the Open Beta of C/C++ for Snyk Code and licenses for Snyk Open Source.
Kondukto and GitGuardian have teamed up to provide an integration that brings together their knowledge in AppSec orchestration and automated secrets detection.