Top Content Coming in 2022

Hello reader,

A new year is often a time of reflection. How well did our organization perform in 2021? What improvements can we make in 2022?

After the Log4j vulnerability, you might be thinking about ways to safeguard your applications. We recently created a listicle detailing the lessons learned and key takeaways from working with customers to combat the Log4j vulnerability. We encourage you to check it out. We also ask that you keep an eye out for additional informational assets on Log4j and our software composition analysis scanning tool.

Log4j is just one of many considerations to take into account when evaluating your application security (AppSec). The State of Software Security (SOSS) report is the ultimate tool for benchmarking your AppSec program. You might be happy to learn that the new SOSS report is merely weeks away from release. The report will provide you with a detailed look at how the software landscape is evolving – including new development trends, the impact of open-source libraries, and how developer training influences time to remediation – and steps that can help future-proof applications.

Last but not least, you need to consider industry regulations. For example, if you provide software for the federal government, you need to be up to date on the Executive Order on Cybersecurity and the NIST standards. On February 6, 2022, NIST will provide guidance on software supply chain security, referencing standards, procedures, and criteria. Look out for a blog further explaining the guidance and how you can put it into practice at your organization. We also have some great assets in the works on PCI Secure Software Lifecycle (Secure SLC) Requirements and Assessment Procedures and steps you can take to comply.

Keep reading the content subscriber newsletter for the latest assets and content updates!

Hope Goslin
Content Subscriber Manager // Veracode