March 2023

More Security. Less Tool Switching

“Well, yeah, I can give the devs a new security tool, but I can’t make them use it.” I was mid-way through dinner with an old college friend when he dropped this into the conversation. I’d told him I wanted to pick his brain about security issues and tools, but told him no matter what, I wouldn’t start to deliver a pitch. Well, I kept my promise, but I think I must have given my tongue a bruise from biting it.

What Can Fintech Firms Do When Vulnerabilities Like Spring4Shell Hit Them?

The business impact of critical open source vulnerabilities such as Spring4Shell and Log4j illustrates the crucial importance of detecting and remediating such vulnerabilities as fast as possible. This is particularly important for the financial technology sector, which handles vast volumes of sensitive financial data for investors. That was certainly the case for MSCI, which deployed Mend to speedily thwart any potential threats posed by Spring4Shell.

Mend CLI

The Mend CLI tool is a great way to embed a Mend scan into any script, such as adding it to your pipeline, because it runs and returns results directly in the command line. It can scan proprietary source code or open source libraries from the command line, and return known security vulnerabilities in the open source components or potential security issues in your proprietary code. This is an initial video overview of how to use the Mend CLI to scan your source code.

Key Considerations for Building a Successful Cloud Security Program

I recently had the pleasure of participating in a great panel discussion at the San Diego Cyber Security Summit, entitled “Cloud Security — Leveraging Its Strengths and Overcoming Its Vulnerabilities,” alongside representatives from Palo Alto Networks, Gigamon, Sysdig, Lacework, Imperva, and Tufin.

Mend SAST Administration - User Interface Walkthrough

Mend SAST is a SAST (Static Application Security Testing) solution for performing deep and extensive security analysis of application source code. Mend SAST is easy to use, requires almost no user input, and can be deployed during or after development with easy integration into a DevOps environment and CI/CD pipeline. The solution provides an excellent way to automate code inspection as an alternative to the demanding and time-consuming procedure of manual code reviews. Mend SAST supports all major languages and their frameworks, from Android Java to Xamarin C#.

The Five Key Principles of Modern Application Security

I recently had the pleasure of joining Marina Novikova, partner solutions architect from AWS in a webinar to discuss the key principles for building modern application security programs. We explored the big issues facing AppSec today, and why many companies are taking a new approach. As the world becomes increasingly application-driven, security can no longer be simply a box-ticking exercise for compliance purposes. It must do much more to ensure that software is delivered safely.

Kubernetes Security Best Practices

Kubernetes is an open source orchestration platform for containerized workflows. It is the best way to manage – or orchestrate – large clusters of containers at scale. Sometimes abbreviated as K8s, Kubernetes helps you efficiently manage clusters of hosts running Linux containers. In the age of containers, Kubernetes has become a popular open source project and key building block for modern tech infrastructure.

FINOS: The State of Open Source in Financial Services

In partnership with Mend, the Fintech Open Source Foundation (FINOS) recently published its report, “The 2022 State of Open Source in Financial Services.” The report serves up a set of fascinating insights into the pace of open source adoption in the financial services sector. From optimizing benefits to overcoming obstacles, the report provides a valuable snapshot of open source software adoption in finance. Here’s a quick look at the report’s key findings.

Will Biden's National Cybersecurity Strategy Trigger AppSec Change?

Every federal administration for the past 20 years has issued a cybersecurity strategy, so in one sense the National Cybersecurity Strategy issued by the Biden administration on March 2, 2023 is not unexpected. The big difference, however, lies in the recommendations: For the first time, the government is pressing for regulatory mandates on key industry sectors that control wide swathes of critical infrastructure nationwide.

Just Who Exactly Should Take Responsibility for Application Security?

Recent high-profile software supply chain breaches have sharpened the focus on application security. But as cybersecurity professionals know all too well, concern doesn’t always equate to action. In theory, the rise of DevSecOps best practices that shift responsibility for application security further left should reduce the number of vulnerabilities that now routinely make it into production applications. However, real life is a little messier.