Mayhem Blog

In this blog, we’ll take a look at Part One of the Securing The Software Supply Chain series released by the NSA, the CISA, and the ODNI.

With vulnerability scanning, you are only addressing the known vulnerabilities and missing the bigger picture, which are the unknown vulnerabilities.

Using SAST alone can cause significant frustration for developers and fall short for security for two fundamental reasons.

Learn to "test like a hacker” by testing with the goal of generating exploitable defects, then using those to inform remediation efforts.

From driverless cars to cryptocurrency, software reimagines possibilities. With software standing at the core of everything we do, we find ourselves pushing out code faster than ever. As we continue to accumulate security debt and struggle to solve the cybersecurity workforce shortage, it becomes clear that we’re living on borrowed security time.

In August 2021, Dr James Ransome hosted the Fuzzing Real Talks at FuzzCon 2021. Ransome was joined by industry experts Anmol Misra of Autodesk, Larry Maccherone of Contract Security, Damilare D. Fagbemi of Resilient Software Security, and Jeff Costlow of Extrahop Networks.

In August 2021, Brook S. E. Shoenfield -- Author, Passionate Security Architect, and Curious Questioner of Assumptions -- challenged whether application security can be fixed at FuzzCon 2021. Shoenfield observed and boldly called out that breaches not only continue to roll in, but the cadence continues to increase.

Security needs to be part of the development experience. This has given rise to the application security space. And, like the internet itself, it needs to evolve.

DevSecOps is the expansion of DevOps that includes security professionals as well. The idea is for everyone to be looking at the code together, rather than in silos. This will produce the most robust and resilient software with the least amount of time and cost.