Part Two: Secure Coding Urban Myths

In part one of this two-part series, we dug into a few urban myths about the security of open source code and trusting your favorite developer tools. While the myths are common, the reality is clear: taking ownership over your code with the right tools and methodologies means you’re creating applications that carry far less risk than ever before. Keep reading for three more common urban myths about secure coding—and how to go about changing them.

Myth 4: Using More Testing Types Will Just Lead To More Findings and Slow Everything Down, Causing Unnecessary Headaches

Reality: While it might seem like extra work on the surface, embedding more than one testing type into your development process saves time, because you catch more flaws before the production stage. That means you won't have to remediate a pile of vulnerabilities later on, when fixing them is more of a hassle, and you'll have peace of mind knowing your code is more likely to pass policy checks.

What Is Cybersecurity Research Today?

Cybersecurity research has, it seems, two main thrusts. Both of them seem similar at first glance, but one is more lucrative (though not as impactful) while the other has much more impact (but doesn't seem to pull in the cash). Let's give an overview of various cybersecurity careers first, and then segue into what cyber R&D is today.

From a career perspective, you can first split jobs into either offensive or defensive specialties. Granted, this is a somewhat artificial delineation. After all, if you work in any corporate cybersecurity department, you've got someone either on staff or on call who can analyze suspected malware or do some post-incident forensics. But generally, offensive folks do things like pen testing and vulnerability analysis, while defensive folks implement and monitor cybersecurity controls and policies in organizations. We can include forensics work and malware analysis as defensive fields. They're not a perfect fit, but since they're not focused specifically on attacking systems, let's lump them in with the defensive fields.