Every year, JFrog brings the DevOps community and some of the world’s leading corporations together for the annual swampUP conference, aimed at providing real solutions to developers and development teams in practical ways to prepare us all for what’s coming next.
At this year’s AWS re:Invent, Mic McCully, Field CTO at Snyk, spoke with Jacob Salassi, Director of Product Security at Snowflake. They discussed what it looked like for Snowflake to overcome various security challenges with the right combination of processes, company culture shifts, and tool partners (including Snyk!). Read on to learn about the practices Jacob and his team established to create a successful application security program.
As companies increasingly digitalized, the necessity for cybersecurity has never been more vital. Product security engineers are in great demand since they are responsible for securing software products, operating systems, and the underlying infrastructure against potential attacks. Assuming you're interested in cybersecurity and want to work in it, this article will provide the information you need to begin your own career path as a product and application security engineer.
The philosophy of "shifting left" in software development is transforming the way we approach error and resolution. By moving the focus of error detection to earlier stages in the development cycle, teams can address issues when they are more accessible and less expensive to fix. Integral to this shift-left approach are Git hooks, powerful tools that allow us to enforce quality control right from the code-commit stage.
We’re using more code, software components, and dependencies than ever before, making security breaches an ever-growing threat. It’s easy for developers and DevOps teams to neglect dependency updates when faced with such high volume, but doing so allows applications to fall behind the latest versions if not properly managed. This typically leaves applications using outdated dependencies, which exposes them to ever-increasing security debt and risk.