The implications of adding SAST to your CI/CD pipeline
Continuous integration and deployment pipelines are the ideal places for final checks before production, but should you add big SAST scans into the mix?
DevSecOps for OpenAI: detecting sensitive data shared with generative AIs
The rapid adoption of generative AIs is exciting but comes with the same data risks as any third-party service.
How to Assess Third-Party Data Security
Third parties are a prime source of leaks and breaches when it comes to sensitive data, but there are ways you can properly vet them to minimize risk.
Can we prevent a security incident like Loom’s?
Loom experienced a security incident caused by an unusual source—the order of their express middleware. Here's how to detect the problem in your own code.
Developers access more sensitive data than you think!
To better understand how often developers access sensitive data, you need real numbers. We did the math: it's more than you think.
Data security is a mirage
We use the term data security, but we're really just disguising the fact that security needs to put more focus on data.
Data security is not data privacy
The discourse around privacy and security is often confusing. Not because anyone wants it to be, but because the two share a core base: data.
Data-First Security should become the de facto standard
The industry has shifted security left, but data security is often forgotten. It's time to make data the priority. It's time for data-first security.