Recent Posts from Ericka Chickowski
November 22, 2023
Legacy development patterns and testing tools are holdovers from a more reactive type of AppSec. Here's why that's a problem — and how to move forward.
November 14, 2023
Don't neutralize CI/CD business gains by failing to account for risk. Here are eight best practices to ensure your software development pipeline is secure.
October 25, 2023
Application security veterans Mark Curphey and John Viega went on a CISO listening tour. Here is what they learned.
September 21, 2023
Here's what your team needs to understand about threat modeling and software supply chain security — a critical mapping of risk.
August 23, 2023
Vulnerability management and piecemeal AppSec testing are like paying only the interest on mounting security technical debt. Where do you stand?
August 21, 2023
GUAC-ALYTICs will model risk across open source software supply chain interdependencies using a new algorithmic engine. Here's what you need to know.
July 24, 2023
In addition to the extensive list of components in today's software, AI relies on open source AI models and training data. What could possibly go wrong?
June 26, 2023
Hackers are having a field day targeting developers with supply chain attacks, which open doors to other compromises. Here's why — and what to do about it.
June 5, 2023
Here are five AI threats that your security operations team should be planning and budgeting for if you want to stay ahead of the emerging threat with AI.
May 16, 2023
The path to success for software bills of materials is riddled with hurdles. Experts explain key factors that could threaten your SBOM investments.
May 2, 2023
Learn why Software Bills of Materials are essential for cybersecurity incident response — and how to put them to work.
April 11, 2023
Here's why some security practitioners question the term "shift left" — and what they think application security teams should focus on instead.