What Does a Code Pipeline Look Like in Modern Application Development
Modern Application Development (or MAD) is a set of development methodologies that enables organizations to reduce their time-to-market ..
What, How, and Where Open Source Gets Pulled into a Codebase
The vast majority of software developers in the industry today are paid to solve business problems. Regardless of whether they work for small ..
What Does It Take To Be a Security Champion on a Modern AppDev Team?
Application security has always been important. But since organizations are constantly moving towards shorter development cycles, increased ..
A Developer’s View: How Attackers Can Infect Open Source Codebases
Most open source projects welcome contributions from anyone. That’s one of the key strengths of open source development as a whole ..
A Developer’s View: The Move to Cloud-Native is Here
“Cloud-native” is a technical term that describes the general tendency to move software systems from a hosted environment to a public ..
A Developer’s View: What Exactly Is Modern Application Development?
What is modern application development? That may sound like an impossible question to answer. Not only is “modern” a relative and subjective ..
Why You Need an Accurate “Parts List” for Your Software
With the mass adoption of open source software in recent years, there has been an increasing tendency to include it as dependencies. This ..
A Developer’s List of Key Container Security Risks
There are a variety of excellent reasons to use containers. They’re more agile and consume fewer resources than virtual machines. They ..
A Developer’s List of Infrastructure as Code (IaC) Risks
Infrastructure-as-Code (IaC) tools are exemplary software solutions that developers and DevOps teams use to describe common infrastructure ..
OWASP API Risk List: What It Does Well, and What Could Be Improved
Heeding the security advice of leading community groups – like the Open Web Application Security Project (OWASP) – is a best practice for ..
How API Use Cases Have Evolved, and What It Means for API Security
APIs are like telephones: they have been around for quite a while, yet they have changed tremendously in recent years. And if you take ..
Actionable Opportunities for Federal Agencies to Accelerate ATO
In a previous blog post, we talked about the shift-left movement and the principles behind DevSecOps. The article’s objective was to take ..
How to Evaluate the Maturity and Security of Your Public Sector Software Project
Over the past decade, commercial software organizations have embraced new approaches to software development that have allowed them to accelerate ..
Why State and Local Governments Need Application Security Testing
For state governments, local governments, and education agencies (a cohort often referred to as the SLED sector), there has perhaps never ..
Why Developers Use Open Source in Their Projects – and How to Manage the Risks
If you’re a developer, incorporating open source code into your project is like ordering a meal kit instead of cooking from scratch. It saves ..