Selecting a Software Composition Analysis Tool
So, you have decided to take the plunge and implement a tool for Software Composition Analysis (SCA). This is a big step toward improving the security of your applications and the security posture of your organization as a whole. Congratulations! Or maybe you’ve never heard of SCA, but you’re curious what it is. A Software […]
A Step-by-Step Guide to Choosing the Best Software Security Tools
Introduction In a previous post, we discussed foundational practices for Software Security. Several of these practices require selecting and implementing purpose-built software security tools. These are the tools most frequently used to scan your source code and manifest files for vulnerabilities. However, if your organization has not yet established code scanning tools and practices, one […]
Securing Your Software Supply Chain
The Problem The principle of code reuse is a foundational axiom of software development. This best practice has manifested itself, in part, in the form of centralized package repositories like NuGet and NPM from which developers can access an entire Internet’s worth of libraries to supplement their code. But when using someone else’s code like […]
Software Security For Humans
How secure is your software? Pondering this question can provoke uncertainty (or even fear) depending on the experience level of your software team and the maturity of your control processes. However, this does not need to be the case for most software teams. Software security is not easy, but neither is it exclusively the domain […]