Secure by Default: Lock down your development for better AppSec
Secure by Design's cousin can help make software more secure out of the box by adding guardrails to development. Here's how it helps — and its limitations.
John P. Mello Jr.
Freelance technology writer. John's work has appeared in the The Boston Globe and Boston Herald, as well as CFO, CIO, CSO, and Inc. magazines. He is a former managing editor of the Boston Business Journal and Boston Phoenix, as well as a staff writer for Government Security News.
Posts from John P. Mello Jr.
Secure by Default: Lock down your development for better AppSec
OASIS Open's push for a software supply chain standard: All together now?
The aim is to build a unifying framework incorporating existing SBOM data models, including CSAF, CycloneDX, OpenVEX, and SPDX. Experts weigh in with key insights.
How platform engineering helps you get a good start on Secure by Design
Self-service portals for developers can help organizations overcome challenges to getting up and running with CISA's software security initiative.
Why malware matters most: 6 ways to foil software threats faster
Making malware enemy No. 1 should be a top priority for AppSec teams. Here's why you need to shift your team's focus from vulnerabilities.
9 best practices for leveraging threat intelligence in your security operations
Cyberthreat intelligence can bolster your SecOps with actionable info — if you choose wisely. Here's how to get started with CTI and what you need to know.
NSA's zero-trust maturity for AppSec: What you need to know
The new initiative aims to help teams secure application access — and ensure continuous visibility of the workload. Experts weigh in with key insights.
The state of AppSec: Are we getting ahead of attackers — or falling behind?
Is application security keeping up with modern supply chain attacks? One SME urges "glass half full"-optimism. The reality: AppSec tooling needs an upgrade.
Will CISA's Secure by Design pledge be a catalyst for better software security?
CISA has support from more than 60 companies, and it hopes more will follow. Here's what's in the pledge — and what experts say about its chances of success.
When it comes to threat modeling, not all threats are created equal
With inherent threats, which are core to the system being modeled, protective measures cannot be perfect or complete. Here's how to best manage that.