Using the Forrester assessment, you can measure the maturity of your AppSec program to help identify areas for improvement. Any organization that wants to secure its software should make maturity of its AppSec program its holy grail. Maturity means making security the first thought, not an afterthought. It means embedding security into software throughout the development life cycle, not trying to patch it at the last minute before production.

Mobile device management and mobile application management are critical to securing your organization’s data and IoT devices. According to recent research, the average household has 25 connected devices, an increase from 11 in 2019. This widespread adoption, along with a global pandemic, has changed the way we operate and communicate, both personally and professionally.

Two vulnerabilities affecting different Spring projects were identified this week. Here’s what you need to know about Spring4Shell and CVE-2022-22963. The Internet is buzzing with talk about two separate vulnerabilities related to different Spring projects. The two are not related, but have been confused because both vulnerabilities were disclosed at nearly the same time.

Managing the risks of your software supply chain requires more than a basic understanding of the software components that make up your applications. My wife and I have four children, which means we’ve done a ton of shopping at Costco over the years. First it was diapers, then cereal, then every other kind of food, all of which provided significant savings for our family of six.

With a software Bill of Materials (SBOM), you can respond quickly to the security, license, and operational risks that come with open source use. A software Bill of Materials (SBOM) is a list of all the open source and third-party components present in a codebase. An SBOM also lists the licenses that govern those components, the versions of the components used in the codebase, and their patch status, which allows security teams to quickly identify any associated security or license risks.

Will NIST’s cybersecurity labeling for consumer software and IoT products help us achieve better security? Our experts weigh in. If one of the goals of President Biden’s May 2021 “Executive Order on Improving the Nation’s Cybersecurity” is fulfilled, you’ll be able to look for a quality and security assurance label on any software product you consider buying.

Census II examines the most popular components of free and open source software and highlights the issues affecting the security of these libraries. Last week, the nonprofit Linux Foundation and Harvard’s Lab for Innovation Science published Census II of Free and Open Source Software—Application Libraries. This report identifies more than 1,000 of the most widely deployed open source application libraries.

With challenging cybersecurity requirements on the horizon for automotive companies in 2022, security teams can look to BSIMM12 for guidance. For security teams in the automotive industry, 2021 was an extremely busy year. Cybersecurity became a requirement for market access and compliance, so the entire industry faced a challenging timetable. The security groups in automotive companies are experiencing “forced growth” brought about by rigorous cybersecurity compliance requirements.

For a variety of reasons, some more obvious than others, it’s unreasonable to expect federal and local governments to develop the software that supports their day-to-day operations. So they turn to solutions provided by private companies. This is really a win-win situation; the government gets access to best-of-breed solutions developed by experienced companies, and the vendor secures funds that help spur innovation that’s available to the public and private sector alike.

I love the boundless possibilities of modern software development. Anyone with a computer and an internet connection can code. More than any other time in human history, each of us has the power to build something in software, to realize whatever we can imagine. At the same time, a thriving ecosystem of open source software components allows us to stand upon the shoulders of giants, to quickly assemble huge building blocks of existing functionality that can rocket us toward our own goals.