Boston, MA, USA
Sep 15, 2021   |  By Dave Howell
In May 2021, the White House issued an Executive Order (EO) focused on improving the United States’ cybersecurity posture. Among other things, the EO calls for enhancing software supply chain security and strengthening the security of software used by the Federal Government. In short, this EO puts application security (AppSec) front and center.
Aug 17, 2021   |  By ZeroNorth
Patent Filings Related to Vulnerability Management and AppSec Risk Support the Goal of Enabling Customers' Progress Toward True DevSecOps.
Aug 12, 2021   |  By ZeroNorth
Technology providers are feeling heavy pressure to provide the best user experience and the most intuitive UI, and are racing to release better and better versions of their offerings. But organizations are often pushing to release these improvements at the expense of ensuring the software they’re releasing is secure and free from vulnerabilities.
Aug 10, 2021   |  By ZeroNorth
Educational Book Delivers Background, Actionable Steps to Help Organizations Build a Best-in-Class DevSecOps Program.
Aug 2, 2021   |  By ZeroNorth
AppSec Risk Visualization and AppSec Quick Start Trial Programs Provide Customers with Powerful Options for Progressing DevSecOps.
Jul 21, 2021   |  By ZeroNorth
A software bug, system flaw, security gap—these are all terms you may have heard in the world of application security (AppSec). Yes, they all mean slightly different things, but the reality is each one can lead to a vulnerability—which translates into a weakness that can be exploited to compromise the security of an application.
Jul 20, 2021   |  By Joanne Godfrey
DevOps is one of the latest IT methodologies to be offered ‘as a Service’. With DevOps as a Service (DaaS), all tasks related to selecting, managing and maintaining DevOps tools and infrastructure, policies and processes are handled centrally, much of it automated, by a specialist team and provided – as a service – to all the development teams across the organization.
Jul 15, 2021   |  By ZeroNorth
Bugs and flaws in software are common and unavoidable. In fact, about 84%[1] of software breaches happen at the application layer, which means organizations looking to build secure software must use at least a handful of application security (AppSec) scanning tools to test their code—from code commit to build to deployment.
Jul 6, 2021   |  By ZeroNorth
Sorting out the differences and similarities among the various open source (OS) security tools is no easy task. In fact, many security practitioners today agree it can be staggeringly complex. Although automated OS security scanning tools make it easier to find and patch existing vulnerabilities in web applications, thereby reducing the burden on security and development teams, they do require a good deal of management and oversight.
Jun 24, 2021   |  By ZeroNorth
Visibility within an application security (AppSec) program is key to accountability. CISOs and executive leaders can’t expect to hold developers and product lines responsible for security when these professionals don’t have the comprehensive insight needed to properly assess risk and security gaps.
Apr 28, 2020   |  By ZeroNorth
ZeroNorth celebrates its first birthday.
Apr 8, 2020   |  By ZeroNorth
Establishing an application security program is an ongoing process – there are always steps you can take to improve your program. Join Veracode CTO, Chris Wysopal, Bugcrowd CTO, Casey Ellis, ZeroNorth CTO, John Steven and Optiv Director of Threat Management, Luis Jimenez for a one-hour panel discussion on best practices for maturing your AppSec program. And, if you’re just starting your AppSec journey, our experts will also be providing some practical first steps you can take that will prepare your AppSec program for improvements in the future.
Mar 22, 2020   |  By ZeroNorth
ZeroNorth CEO Interview at RSA Conference 2020
Feb 20, 2020   |  By ZeroNorth
Learn how you can solve three key application security challenges with the ZeroNorth platform.
Jan 9, 2020   |  By ZeroNorth
Learn how ZeroNorth's risk-based vulnerability orchestration platform can help you better compete in today's software-defined world.
Dec 5, 2019   |  By ZeroNorth
Digital transformation involves removing the barriers to delivering value to customers. The mechanisms of digital transformation (DevOps, microservices architecture and others) simplify and speed delivery but complicate aspects of security, particularly vulnerability discovery. Yet, as firms release more and more microservices to production, and do so more frequently, the need to understand changes to the attack surface increases.
Oct 21, 2019   |  By ZeroNorth
As digital transformation is driving organizations to become software-centric, many turn to Amazon Web Services for the flexible infrastructure that supports the rapid development and delivery of software, such as microservices. But gaining a comprehensive view of risk across an AWS environment can become challenging. In this webinar, ZeroNorth vice president of Engineering Andrei Bezdedeanu shares details on how the platform’s integration with AWS Security Hub provides a comprehensive view of application and infrastructure security across AWS, from custom code development, to open source libraries, to applications moving towards production.
Oct 14, 2019   |  By ZeroNorth
Digital transformation isn’t coming–it’s here. ZeroNorth surveyed cybersecurity professionals across a range of industries to get their input on effectively managing risk across applications and infrastructure in this age of digital transformation. Join ZeroNorth CTO John Steven and vice president of marketing Dave Howell as they discuss the findings of the survey.
Sep 20, 2021   |  By ZeroNorth
In May 2021, the White House issued an Executive Order (EO) focusing on improving the United States' cybersecurity posture. Among other things, the EO calls for enhancing software supply chain security and strengthening the security of software used by the Federal Government. In short, this EO puts application security (AppSec) front and center. Beyond this EO, various regulatory and industry guidelines and mandates either imply or point directly to building stronger AppSec programs to protect private consumer information.
Aug 10, 2021   |  By ZeroNorth
This book shows you how to create a DevSecOps structure capable of empowering organizations to continually deliver secure software as quickly and efficiently as possible.
May 5, 2020   |  By ZeroNorth
Application security is usually done by finding, fixing and preventing vulnerabilities, with an emphasis on finding solutions to prevent cybersecurity events in the future. As technology advances, and more rapidly than ever, how will the next generation of AppSec address these new challenges?
May 5, 2020   |  By ZeroNorth
For digital transformation initiatives to be successful, rapid development and delivery of software capabilities is crucial. This paper highlights the time needed to support the comparison, selection, deployment, and on-going management of the tools and techniques inherent to a comprehensive vulnerability management program, across applications and infrastructure, as they will significantly impact the TCO of that program.
May 1, 2020   |  By ZeroNorth
Stop treading water and simplify the management and remediation of your software vulnerabilities. This eBook discusses challenges with current approaches, the differences between automation and orchestration and the steps to get started with orchestration.
May 1, 2020   |  By ZeroNorth
From security threats to compliance regulations to the unrelenting pace of business, staying conscious of cybersecurity risks in 2020 is shaping up to be a full-time job. Around this time of year, experts love to offer up their predictions about what's on the digital horizon and how we can best prepare ourselves for the inevitable future. Whether or not these apocalyptic cybersecurity situations come to fruition remains to be seen, but one thing's for sure: it will be a year to watch.
Apr 1, 2020   |  By ZeroNorth
What's your company's risk appetite and overall security posture? CISOs now not only have to communicate with IT and their peers, but also have to effectively understand their company's risk appetite. This paper outlines best practices to help you effectively identify, manage and communicate risk.
Apr 1, 2020   |  By ZeroNorth
Virtually every business in the world relies on software to keep its competitive edge. At the same time, application vulnerabilities are escalating, and data breaches (how to prevent, plan for and recover from them) are common C-suite conversations. This paper discusses how a risk-based approach to vulnerability orchestration across applications and infrastructure empowers organizations to critically assess their security with real data, bringing them closer to truly secure DevOps with well-aligned security, operations and development teams.
Mar 1, 2020   |  By ZeroNorth
Many organizations these days have become so focused on protecting themselves against sophisticated threats, they pay less attention to the seemingly mundane (but no less important) tasks required to secure an enterprise. According to the 2019 Verizon Data Breach Investigations Report, "vulnerability exploitation" is still one of the most prominent forms of attack.

ZeroNorth is the industry’s first provider of risk-based vulnerability orchestration across applications and infrastructure, enabling stronger security as businesses embark upon digital transformation initiatives, from DevOps to microservices to the cloud.

By orchestrating scanning tools across the entire software lifecycle, ZeroNorth provides a comprehensive and continuous view of risk, and reduces costs associated with managing disparate technologies. ZeroNorth empowers customers to rapidly scale application and infrastructure security, while integrating seamlessly into developer environments to simplify and verify remediation.


  • Visibility & Assurance: Create a closed-loop discover/remediate/validate process for continuous assurance.
  • Secure DevOps Process: Integrate vulnerability testing, prioritization and remediation without impacting existing DevOps workflows.
  • Rapid AppSec: Jump start and accelerate key security initiatives with free-to-use open source scanning tools.
  • PCI DSS Compliance: Single-pane-of-glass view improves ability to manage your PCI-compliance program.

Risk-Based Vulnerability Orchestration Across Applications and Infrastructure.