I had the pleasure of chatting with Rajendra (Raj) Umadas, who is working as the Head of Information Security at Actblue. He’s been involved in security programs for some truly cutting-edge organizations, like Etsy, Spotify, WeWork, and Compass. Raj is not just a security expert, but also a true leader. Our conversation weaves together his reflections on security and leadership. Check out the full episode here.

When developing applications, organizations rely heavily on the software development lifecycle (SDLC) to engrain security into the development process early and continuously. The SDLC lays out how to build security into early steps as developers are creating and testing applications. As such, organizations are able to embed security practices when it matters most.

Tailored use of pen testing can provide critical support and insights for gauging the health of your SDLC.

Are you or your development team tired of using application security tools that generate countless results, making it difficult to identify which vulnerabilities pose actual risks? Do you struggle with inefficient or incorrect prioritization due to a lack of context? What adds insult to injury is that traditional CVSS scoring methods ignore critical details like software configurations and security mechanisms.

According to CrowdStrike Report, a 50% increase has been analyzed in active intrusions and cyber-attacks in 2022. And the number may increase in 2023 too. With more and more applications becoming a target of hackers, it getting complex for developers to identify relevant security approaches. Development teams are somewhere unable to select the best mechanism, which would be compatible, high-performing, and strong enough to prevent attacks.

Organizations are facing significant challenges with vulnerabilities throughout the software development lifecycle (SDLC). Many still spend a lot of time to detect and prioritize one vulnerability in both development and production, indicating there is room for improvement in vulnerability management, according to a new survey from Ponemon Institute on behalf of Rezilion.

Spotify’s engineering team recently published a blog discussing their use of Snyk to maintain security testing in the SDLC. The following is a recap of that blog written by Engineering Manager, Edina Muminovic. Spotify, a company known for employing thousands of world-class developers, needed to redraw its software development lifecycle, or SDLC.

Learn about the phases of a software development life cycle, plus how to build security in or take an existing SDLC to the next level: the secure SDLC. The digital transformation that has swept across all industry sectors means that every business is now a software business.

With all the remote works, online businesses, and digital lifestyle, applications (software) have become an integral part of our lives. In contrast, the growing rate of data breaches and cyber-attacks exploiting minor glitches in application functionality has diverted attention to application security which is still underrated in the era of phenomenal technological advancement.

Vulnerabilities found in application platforms and third-party libraries have drawn growing attention to application security in the last few years, putting pressure on DevOps teams to detect and resolve vulnerabilities in their Software Development Life Cycle (SDLC). Take the NVD (National Vulnerability Database), which tracks and records all significant vulnerabilities published and disclosed by software vendors.