How Mayhem Fits Into the Federal Guidance for Securing the Software Supply Chain

How Mayhem Fits Into the Federal Guidance for Securing the Software Supply Chain

In this blog post, we’ll take a deeper look at the NIST guidance for software development. In particular, we’ll look at PW 8.2 in NIST 800-218.
What does the Federal Guidance on Securing the Software Supply Chain Mean for Developers?

What does the Federal Guidance on Securing the Software Supply Chain Mean for Developers?

In this blog, we’ll take a look at Part One of the Securing The Software Supply Chain series released by the NSA, the CISA, and the ODNI.
Why Vulnerability Scanning Alone Is Not Enough to Keep Your Software Secure

Why Vulnerability Scanning Alone Is Not Enough to Keep Your Software Secure

With vulnerability scanning, you are only addressing the known vulnerabilities and missing the bigger picture, which are the unknown vulnerabilities.
Why “Complete Coverage” SAST Tools Fall Short for Developers

Why “Complete Coverage” SAST Tools Fall Short for Developers

Using SAST alone can cause significant frustration for developers and fall short for security for two fundamental reasons.
3 Reasons Developers Should Learn to Test Like a Hacker

3 Reasons Developers Should Learn to Test Like a Hacker

Learn to "test like a hacker” by testing with the goal of generating exploitable defects, then using those to inform remediation efforts.
Why The Next-Generation Of Application Security Is Needed

Why The Next-Generation Of Application Security Is Needed

From driverless cars to cryptocurrency, software reimagines possibilities. With software standing at the core of everything we do, we find ourselves pushing out code faster than ever. As we continue to accumulate security debt and struggle to solve the cybersecurity workforce shortage, it becomes clear that we’re living on borrowed security time.
The FuzzCon 2021 Real Talks Panel

The FuzzCon 2021 Real Talks Panel

In August 2021, Dr James Ransome hosted the Fuzzing Real Talks at FuzzCon 2021. Ransome was joined by industry experts Anmol Misra of Autodesk, Larry Maccherone of Contract Security, Damilare D. Fagbemi of Resilient Software Security, and Jeff Costlow of Extrahop Networks.
Can Application Security Testing Be Fixed?

Can Application Security Testing Be Fixed?

In August 2021, Brook S. E. Shoenfield -- Author, Passionate Security Architect, and Curious Questioner of Assumptions -- challenged whether application security can be fixed at FuzzCon 2021. Shoenfield observed and boldly called out that breaches not only continue to roll in, but the cadence continues to increase.
The Evolution of Security Testing

The Evolution of Security Testing

Security needs to be part of the development experience. This has given rise to the application security space. And, like the internet itself, it needs to evolve.

Fancy some inbox Mayhem?

Subscribe to our monthly newsletter for expert insights and news on DevSecOps topics, plus Mayhem tips and tutorials.

By subscribing, you're agreeing to our website terms and privacy policy.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Add Mayhem to Your DevSecOps for Free.