What if there was a large, global event dedicated to finding and fixing security vulnerabilities in both open and closed-source software? An event that brings developers, DevOps, and security practitioners of all skill levels and backgrounds together to collectively make the software world more secure? Well, I’m excited to announce that Snyk has made this a reality by launching The Big Fix — a month-long event that’s running now!

The Payment Card Industry Data Security Standard, also known as PCI DSS is a thorough process that reviews a company’s systems and policies for handling and storage of sensitive consumer cardholder data.

We’re almost two months from the disclosure of Log4Shell, and we here at Snyk couldn’t be more excited with the role we’ve gotten to play in finding and fixing this critical vulnerability that’s impacted so many Java shops. For starters, we’ve been able to help our customers remediate Log4Shell 100x faster than the industry average! How have we been able to achieve that?

As enterprises continue to undergo digital transformation, rapidly delivering secure software has become a necessity. Essential to this goal is the ability to measure and manage application risk across a large number of projects and development teams. In this post, we’ll cover two insightful talks from SnykCon 2021 about risk management and measuring key risk indicators for enterprise applications.

Here at Snyk, we spend a lot of time researching vulnerabilities. We do that because there are a lot of other folks out there researching new ways to break into apps and systems. We’re often putting on our “grey hats” to think like a malicious hacker. I regularly view-source, look at network traffic and eyeball query strings. One such delicious little query string caught my attention this week on one of the many copycat Wordle sites.

Snyk’s developer security platform provides developers and security professionals with the tools they need to build and operate modern applications securely. Snyk enables users to shift security left and to embrace a DevSecOps model. Modern application development teams understand that shifting left means bringing information to developers’ fingertips as early as possible in the development process to create efficient and secure applications and development processes.

Since organizations around the globe began investing more aggressively in their digital transformation by migrating and modernizing applications within the cloud, the value of audit logging has shifted. It has expanded from industries like finance and healthcare to nearly any company with a digital strategy.

What do Linux vulnerabilities and natural disasters have in common? Something seemingly dormant can suddenly spring to life, exposing activity beneath the surface. Several days ago, a security researcher published a high-severity vulnerability named PwnKit that impacts most major Linux distributions. The scary part? It’s existed since May of 2009. Polkit is a component for controlling privileges in Unix-like operating systems and is included by default on most major Linux distributions.

Building an application security program can be overwhelming. The steady stream of content encouraging teams to shift left is inspiring, but it doesn’t help you get started. Looking toward organizations with mature AppSec initiatives can make the gap seem insurmountable — all while an actionable plan remains elusive. Like anything else in software development, application security is a journey. A journey that’s much more enjoyable with some guiding principles.