The financial industry’s digital transformation is highly reliant on applications, just like the rest of the software development ecosystem. This requires everyone involved to invest in application security management as part of the effort to protect their data and systems.

From smart homes that enable you to control your thermostat from a distance to sensors on oil rigs that help predict maintenance to autonomous vehicles to GPS sensors implanted in the horns of endangered black rhinos, the internet of things is all around you. The internet of things (IoT) describes the network of interconnected devices embedded with sensors, software, or other technology that exchange data with other devices and systems over the Internet.

Medical devices, subway car doors, severe weather warnings, heavy machinery, car alarms, software security alerts. They all notify you to indicate that something is wrong so that you can take action to prevent harm. Hospital monitors can detect a wide range of issues, from an incorrect dose of medication to an irregular heartbeat and beyond. They can quite literally save a life. The same goes for severe weather alerts that warn of impending tornadoes or hurricanes.

Recent years have seen a sharp increase in the number of reported security vulnerabilities, along with quite a few notorious attacks on enterprise applications. Organizations have reacted by increasing their investment in AppSec and DevSecOps, including the widespread adoption of AST (application security testing) tools.

Considering the continuous increase in cybersecurity attacks targeting large organizations over the past few years and regulations like PCI DSS, HIPAA, NIST 800-731 – to name a few – it’s no surprise that enterprise investment in vulnerability management is on the rise. Detecting, prioritizing, and remediating security vulnerabilities in today’s rapidly evolving threat landscape is no small feat.

Software supply chain attacks are back in the news. Last week, security researcher Alex Birsan executed a novel attack against Microsoft, Apple, PayPal, Shopify, Netflix, Tesla, Yelp, and Uber by leveraging a design flaw in automated build and installation tools. Along with the recent SolarWinds breach, this most recent attack is renewing attention on software supply chain security.

Used by developers around the world, open source components comprise 60%-80% (and likely more) of the codebase in modern applications. Open source components speed the development of proprietary applications, save money, and help organizations stay on the cutting edge of technology development. Despite the widespread adoption of open source components, myths persist about its usage. The following are the top three concerns associated with open source use.

In order to develop stable and secure applications, you need to inspect and verify that your software performs as expected. The most common approaches to testing software are white box testing, black box testing, and gray box testing. While white box testing and black box testing have their pros and cons, gray box testing combines the two testing approaches in an attempt to overcome their deficits.

As this year comes to a close, it is a good time to take a look at the trends of open source license usage in 2020 and compare them to previous years. Our research team has collected information from the WhiteSource database, which includes more than 4 million open source packages and 130 million open source files covering over 200 programming languages, to learn which were the most popular open source licenses in 2020.

One unexpected consequence of the global pandemic is the acceleration of digital transformation across organizations of all sizes. With so many employees working from home, organizations realized they needed to upgrade to a cloud infrastructure to support everyone working remotely. As applications moved from on-premises to the cloud to support these new remote users, organizations needed to think about the APIs and microservices that connected users to essential applications.