Blog Posts
The Role of DevSecOps in Continuous Authority to Operate
DevSecOps favors rapid development and deployment. Such rapid development and deployment must be balanced against the need to ensure software systems are secure with minimal risk, thus enabling them to …
• By Thomas Scanlon
In DevSecOps
7 Quick Steps to Using Containers Securely
The use of containers in software development and deployment continues to trend upwards. There is good reason for this climb in usage as containers offer many benefits....
• By Thomas Scanlon, Richard Laughlin
Decision-Making Factors for Selecting Application Security Testing Tools
In the first post in this series, I presented 10 types of application security testing (AST) tools and discussed when and how to use them....
• By Thomas Scanlon
In Secure Development
10 Types of Application Security Testing Tools: When and How to Use Them
Bugs and weaknesses in software are common: 84 percent of software breaches exploit vulnerabilities at the application layer....
• By Thomas Scanlon
In CERT/CC Vulnerabilities
Implications and Mitigation Strategies for the Loss of End-Entity Private Keys
When a private key in a public-key infrastructure (PKI) environment is lost or stolen, compromised end-entity certificates can be used to impersonate a principal that is associated with it....