How Do You Justify Investment In Product Security?
by Corin Imai on
How do you justify investment in product security? On a recent episode of the Future of Application Security, FullStory’s VP of Product Security and Compliance, Mark Stanislav shared his views.
Should You Outsource Product Security Maturity Modeling to a Third Party?
by Corin Imai on
Should you outsource product security maturity modeling to a third party? On a recent episode of the Future of Application Security, FullStory’s VP of Product Security and Compliance, Mark Stanislav shared his views.
OpenSSL 3.0.7 Patch – Spooky TLS: The Patch That Gave Everyone a Halloween Scare
by Corin Imai on
Spooky TLS scared all of us last week, but today we came to find out that this may have been overblown - it was downgraded from CRITICAL to HIGH primarily due to non-exploitability (under most circumstances) for RCE. If you are still looking to identify and remediate assets with 3.x, we are here for you.
5 Most Common Challenges To Shifting AppSec Left and How to Overcome Them
by Corin Imai on
Shifting AppSec Left? Here are the 5 most common AppSec challenges teams face and what can be done to overcome them.
Invoke Change with GitHub CodeQL and Tromzo
by Corin Imai on
This is part three of our GitHub series, where we have covered GitHub and Application Security, GitHub Dependabot, and now GitHub CodeQL. Following this blog, we will cover GitHub Secret Scanner. Some additional resources that might be helpful are the two blogs How GitHub Uses Dependabot and What are Software Dependencies. Let’s dive into CodeQL!
How to Operationalize GitHub Dependabot
by Corin Imai on
Dependabot is an awesome Dependency Monitoring tool that helps keep dependencies up to date. In real-time, it checks dependency files for outdated requirements and opens individual pull requests (PRs) for any it finds. Then, users can review, merge, and get to work on the latest, most secure releases. When users check in an insecure dependency, or a new vulnerability is discovered in an existing dependency, Dependabot will notify users with security alerts for vulnerable dependencies. Additionally, Dependabot Alerts and Dependabot Security Updates watch the National Vulnerability Database and other sources for vulnerabilities in open source packages. If Dependabot finds a vulnerability in a leveraged package, it sends an alert. If it can suggest a fix, it also sends a PR to update the dependency manifest with the closest non-vulnerable version.