Melina Scotto Mastin, an accomplished CISO and CyberEdBoard member, shared how her journey from network engineering to CISO shaped her leadership style. She emphasized collaborative cybersecurity approaches, advocating for “shift-left” practices that integrate security early in projects.
Sonar has integrated Structure 101's design expertise into its platform, enhancing code architecture and reducing dependency issues. This update helps developers streamline workflows and minimize long-term software evolution costs, ensuring good code management across multiple programming languages.
Amy Herzog, chief information security officer for Ads and Devices at Amazon, shares how her cybersecurity team accelerates product development by integrating security from the start to secure customer data on popular consumer devices such as Ring and Alexa.
After high-profile security incidents, Microsoft has dedicated 34,000 engineers to advancing security across all platforms, focusing on identity protection and rapid response. The company is embedding security into product development and governance frameworks to mitigate growing cyberthreats.
APIs are the connections that make digital business happen. Companies on average rely on more than 15,000 APIs, but these interfaces pose security risks. In this "Deep Dive" special report, ISMG's Anna Delaney explores how security leaders are tackling API security.
Trail of Bits' Michael Brown explores the dual challenges of applying AI and ML to cybersecurity and securing these evolving technologies themselves. He discusses the complementary nature of traditional and AI/ML-based approaches and highlights the pressing need for secure development life cycles.
Snyk CEO Peter McKay discusses lessons from the recent CrowdStrike outage, emphasizing the importance of robust development practices, effective communication and the integration of quality and security in modern software development. He also highlights Snyk's role in advancing developer security.
CrowdStrike must enhance testing and validation procedures and address deficiencies in its current quality assurance processes to minimize attrition. CrowdStrike should conduct a technical retrospective to understand the root cause of the faulty software content update and make necessary changes.
Developers are using more and more open-source code because they "want to move fast," said Cycode's Lotem Guy. But the speed of development and the continuous deployment that follows means security teams have to catch up to the fast-moving development life cycle.
Synopsys' Software Integrity Group will become a standalone company under Francisco Partners and Clearlake once the $2.1 billion transaction closes. General Manager Jason Schmitt explains the significance of the acquisition, the carve-out process and future growth strategies.
As organizations embrace digital transformation, software security challenges have become increasingly complex. Adriana Freitas, director of the European Foundation Anti-Phishing Working Group, offers insights on the imperative role of DevSecOps in modern cybersecurity practices.
The integration of Oxeye into GitLab’s suite marks a significant leap in the accuracy and efficiency of security scans, directly addressing the challenge of false positives in static application security testing and enhancing software security across development stages, according to GitLab.
Synopsys' board of directors signed off Wednesday on selling the company's $525 million application security testing business to focus exclusively on design automation and IP. The systems design behemoth began exploring strategic alternatives for its software integrity group in November.
Two critical vulnerabilities affecting all on-premises versions of TeamCity servers can result in authentication bypass and path traversal, enabling an attacker to gain administrative privileges for a server and take it over. Users should prioritize patching now that the exploit is public.
Looking ahead to 2024, cybersecurity professionals and experts in artificial intelligence shared with ISMG their hopes for strong, responsible regulations and new partnerships with private sector stakeholders and international collaborators to keep pace with the evolving threat landscape.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing paymentsecurity.io, you agree to our use of cookies.