Author Archives: Mark Miller

Greg Anderson, OWASP 2017

Expanding Community Engagement at OWASP w/ Greg Anderson [Podcast]

Newly elected to the OWASP board, Greg Anderson is interested in how to expand the OWASP community. I talked with him about what he hopes to accomplish in his tenure on the board, the first initiatives he would like to implement, and various ideas for working with OWASP chapters, projects and events. About Greg

Application Health Check App v.2.3.0-02

The Application Health Check application, our free vulnerability assessment tool that provides a Software Bill of Materials, has been updated to v.2.3.0-02. You can find it on the AHC download page. AHC will provide you with a Software Bill of Materials for the open source components within your applications. The latest versions available are: Windows:

Caroline Wong and Paula Thrasher at DOES 2017

Thoughts on Security in the Modern Software Supply Chain with Caroline Wong and Paula Thrasher

Caroline Wong, Vice President at Cobalt.io, Paula Thrasher, Director Digital Services, CSRA, and I were having lunch at DevOps Enterprise Summit when the conversation took an interesting turn. Paula and Caroline had been on a panel the previous day and didn’t get a chance to do a deep dive into any of the topics. As we

The Nexus Exchange: 30 New Integrations from the Community

Introducing the Nexus Exchange. Over the years, members of the Nexus Community have created interesting and useful integrations with our products. The list of projects has grown to the point where we need a central location to manage them. Today, we launch the Nexus Exchange. You’ll find integrations with Puppet, Chef, GitHub, Jenkins, Docker and many more of your

AppSec EU 2017, Belfast – Keynote Preview with Jaya Baloo

“Why does OWASP even exist? Why do we even have this idea of understanding common issues, common problems. There are resources to help us do it better next time. I feel we are not learning at the curve where we should be, considering the resources available to us.” — Jaya Baloo

As CISO of KPN,

Apache Struts Vulnerability: Live Updates

Update: Here’s the recording of Brian Fox and Shannon Lietz talking about Apache Struts 2 and the new vulnerability announcement. We’re keeping an eye on the latest news for the Apache Struts2 vulnerability that was announced earlier this week. In addition to a live broadcast talking to several top security experts in the industry, we’ve got

Full Program for DevOps Connect: DevSecOps Track at RSAC 2017

Next week, Monday, February 13, DevOps.com and Sonatype are co-hosting the DevOps Connect: DevSecOps track at RSAC 2017 in San Francisco. This is the largest security conference in the world, including DevOps sessions all day Monday, plus more placed throughout the conference agenda. I’m linking to a download of the full, printable program for the
