Ponemon Institute’s Reducing Enterprise Application Security Risks: More Work Needs to Be Done looks at the reasons why many enterprises consider the application layer to be the highest security risk. Ponemon Institute, in partnership with WhiteSource, surveyed 634 IT and IT security practitioners about their enterprises’ approach to securing applications.

Open Policy Agent, or OPA, is an open source, general purpose policy engine. OPA decouples policy decisions from other responsibilities of an application, like those commonly referred to as business logic. OPA works equally well making decisions for Kubernetes, Microservices, functional application authorization and more, thanks to its single unified policy language. So what’s a policy engine? And what’s policy? A policy can be thought of as a set of rules.

We’re delighted to share new features of Snyk Infrastructure as Code (Snyk IaC) designed to support how Terraform users write, plan, and apply their configurations. With Snyk IaC, you can get immediate guidance on security configurations as you write, and scan your Terraform plans in your deployment pipelines to ensure your changes and complete configuration are safe.

Application development has changed, and development teams have begun supporting a model of rapid and frequent deployments to support the pace of innovation demanded by digital transformation. From an application security perspective, this means scaling through DevSecOps and supporting developer-first security. The unique challenges and solutions for shifting to DevSecOps were the subject of a recent roundtable discussion featuring Aner Mazur, Chief Product Officer at Snyk and Christer Edvartsen, Sr.

The term “gig economy” refers to the increasingly common use of skilled freelance or otherwise independent workers on a short-term basis—often one project at a time. The availability of these sorts of gig workers has brought massive change to global work culture over the last few years.

Last night, the Biden administration released an executive order on cybersecurity that includes new security requirements for software vendors selling software to the U.S. government. These requirements include security testing in the development process and a bill of materials for the open source libraries in use, so known vulnerabilities are disclosed and able to be tracked in the future. Without following these standards, companies will not be able to sell software to the federal government.