Comparing Aikido and Snyk for SCA Scanning

A small step towards total market coverage

Vulnerability Management Part 1 - Assets and Fixes

A three part series detailing what data is helpful for operationalizing vulnerability management (1/3)

Technical Guides

Part 1: What is Reachability

A guide into understanding what reachability is

How Container Vulns Get Fixed

Walking through the process of fixing container vulnerabilities

Shortcuts Sell

And other realities from last week's fundraising

WTF is Cloud Application Detection Response (CADR)?

Everything security teams need to detect real time attacks against modern infrastructure (Part 3/3)

The Kubernetes Gap in CNAPP

Exploring why many CNAPPs have a Kubernetes gap

CVE-2024-6387 Response Resources - "regreSSHion"

TL;DR: Qualys research team discovered an issue where you can exploit OpenSSH with a “brute force” like timing attack from the outside. This will effect vulnerable OpenSSH library versions, which is essentially any public facing Linux server open on port 22. In my opinion, the likelihood on a real

Understanding the Polyfill Attack (Polykill)

And some thoughts about what it shows about our tooling trends

WTF is Application Detection and Response (ADR)?

Arguing for three pillars of runtime application visibility (2/3)

WTF is Cloud Detection and Response (CDR)?

Let me cook, we're making the future here! Part 1/3.

5 Steps for Creating an AppSec Program

Threat Model -> Design -> Scan -> Scale