securing.dev

DevSecOps Essentials: Software Asset Management

TL;DR / Summary at the end of the post. The information shared in this series is the distilled knowledge gained from my experience building the DevSecOps program at Thermo Fisher Scientific - a F...

DevSecOps Essentials: An Overview

TL;DR / Summary at the end of the post. The information shared in this series is the distilled knowledge gained from my experience building the DevSecOps program at Thermo Fisher Scientific (a gl...

A Return to Darkness

Allow me to preface everything you’re about to read with this: I hope that I’m wrong. Lately I’ve been thinking about what it must have been like to be a Roman citizen during the fall of thei...

Security is a Feature

TL;DR / Summary at the end of the post. The greatest challenge in any Application Security or DevSecOps program is driving remediation of vulnerabilities found in the software our companies wr...

Static Analysis: Local vs. Remote Sources

TL;DR / Summary at the end of the post. Full Disclosure up-front: I am employed as a Code Scanning Architect at GitHub at the time I published this article. In Part 1 of this series I made re...

Comprehensive Static Analysis: Accuracy, Speed, or Completeness

TL;DR / Summary at the end of the post. Full Disclosure up-front: I am employed as a Code Scanning Architect at GitHub at the time I published this article. As in my previous posts on Static ...

Binary Static Analysis: Accuracy, Speed, or Completeness

TL;DR / Summary at the end of the post. Full Disclosure up-front: I am employed as a Code Scanning Architect at GitHub at the time I published this article. As in my previous post on Static C...

Static Code Analysis: Accuracy, Speed, or Completeness

TL;DR / Summary at the end of the post. Full Disclosure up-front: I am employed as a Code Scanning Architect at GitHub at the time I published this article. In Part 1 of this series I discusse...

The 3 types of Static Analysis

TL;DR (with a link to the official Ted Lasso biscuit recipe at the end) Full disclosure up-front: I am employed as a Code Scanning Architect at GitHub at the time of publishing this post. It ...

Inspirations in Security

Over the past 3 years, I’ve been doing a lot of thinking about how much value there is in maintaining an online persona - of maintaining one’s presence amongst the cacophony of voices talking, twee...