CVSS 4.0 is here. Will it make vulnerability scores more useful?

The DevSecOps benefits of cloud-native security

Never mind the buzzwords: Here’s the straight deal on application security

Looking for the best in DAST: How to select DAST tools for DevSecOps

SolarWinds, the SEC, and the CISO: Who is legally responsible for security?

An abundance of caution: Why the curl buffer overflow is not the next Log4Shell

Rapid Reset HTTP/2 vulnerability: When streaming leads to flooding

Top 5 application security misconfigurations