A Secrets Management Maturity Model
Maturity models may be a controversial topic, but used properly we believe they can help leaders understand their capabilities and develop a roadmap for improvement.
BLOG
Cycode Integration with JFrog Pipelines and Artifactory
JFrog and Cycode created an integration that will improve the security of our customers’ digital assets and dependencies.
“Shadow Dev” and AppSec’s Visibility Gap
According to Gartner’s Information Technology glossary, Shadow IT refers “to IT devices, software and services outside the ownership or control of IT organizations.”…
Two Ways to Address the Log4J Vulnerability
Researchers have released patches for the log4j vulnerability, allowing some organizations to breathe a sigh of relief.
Executive Order 14028: NIST SSDF Explained
The President’s Executive Order (EO) on “Improving the Nation’s Cybersecurity (14028),” issued on May 12, 2021, charges multiple agencies…
NIST Cybersecurity Framework (NIST CSF)
The National Institute of Standards and Technology (NIST) first released its Cybersecurity Framework in 2014 in response to an Obama-era Executive Order mandating…
AWS CloudFormation Security: 8 Best Practices
AWS CloudFormation gives organizations the ability to easily manage a collection of AWS resources by automating the initialization, provisioning, and…
Google SLSA Framework: Key Takeaways
In light of recent, multi-billion dollar cyber attacks, Google has introduced a framework to help developers improve software supply chain security. This proposed solution is…
Understanding the Trojan Source Attack and How to Defend Against It
There’s little doubt that 2021 has been the year of the software supply chain attack, with many notable breaches that include Solarwinds…
7 Terraform Security Best Practices
Terraform, developed by Hashicorp, is an infrastructure as code (IaC) framework that allows for declarative resource provisioning…