I recently had the pleasure of joining Marina Novikova, partner solutions architect from AWS in a webinar to discuss the key principles for building modern application security programs. We explored the big issues facing AppSec today, and why many companies are taking a new approach. As the world becomes increasingly application-driven, security can no longer be simply a box-ticking exercise for compliance purposes. It must do much more to ensure that software is delivered safely.

Kubernetes is an open source orchestration platform for containerized workflows. It is the best way to manage – or orchestrate – large clusters of containers at scale. Sometimes abbreviated as K8s, Kubernetes helps you efficiently manage clusters of hosts running Linux containers. In the age of containers, Kubernetes has become a popular open source project and key building block for modern tech infrastructure.

In partnership with Mend, the Fintech Open Source Foundation (FINOS) recently published its report, “The 2022 State of Open Source in Financial Services.” The report serves up a set of fascinating insights into the pace of open source adoption in the financial services sector. From optimizing benefits to overcoming obstacles, the report provides a valuable snapshot of open source software adoption in finance. Here’s a quick look at the report’s key findings.

Every federal administration for the past 20 years has issued a cybersecurity strategy, so in one sense the National Cybersecurity Strategy issued by the Biden administration on March 2, 2023 is not unexpected. The big difference, however, lies in the recommendations: For the first time, the government is pressing for regulatory mandates on key industry sectors that control wide swathes of critical infrastructure nationwide.

Recent high-profile software supply chain breaches have sharpened the focus on application security. But as cybersecurity professionals know all too well, concern doesn’t always equate to action. In theory, the rise of DevSecOps best practices that shift responsibility for application security further left should reduce the number of vulnerabilities that now routinely make it into production applications. However, real life is a little messier.

Threat actors will always target the things most important to businesses, and today, that means applications–the lifeblood of the global economy. As the recent Mend Open Source Risk Report reveals, the ongoing rise in open source vulnerabilities and software supply chain attacks presents significant business risk. The number of open source vulnerabilities are growing, just as threat actors are launching increasingly sophisticated attacks.

Continuous integration/continuous delivery (CI/CD), promises to help deliver software faster and more reliably. It does this by pushing frequent updates and fixes regardless of size and using automation tools to help the process run smoothly. According to Gartner, CI/CD is the most common agile practice currently being adopted by organizations. So how does CI/CD work and why is it critical for DevOps teams?

Threat actors operate by an ironclad rule: If it’s important to businesses, it’s important to them. And they certainly understand the crucial business role of applications. Applications are now the number one attack vector, while software supply chain attacks increased 650 percent in a year. Clearly, if you don’t already have a modern application security program, you need to build one. But how do you make sure that your program will be effective?

Effectively managing the many open source licenses used in enterprise software is a complex task that requires a thorough evaluation of key features in software license management tools. After that, you need to implement the technology using several best practices. In this blog post, let’s take a brief look at both.

Threat actors today are increasingly targeting the application layer, driving significant challenges for companies using traditional application security strategies. To defend themselves against the rapidly evolving threat landscape, organizations need to build a modern AppSec strategy that addresses these fast-changing conditions. But how?