Security Compass Blog

Security Compass Releases Research Report: 2021 Year in Review

Security Compass releases a new research report on the state of enterprise cybersecurity in 2021. Topics covered include threat modeling, DevSecOps, cloud adoption, and the US Department of Defense

How to Avoid the OWASP Top 10 List of Software Vulnerabilities and Risks

Find out what security vulnerabilities have changed since the OWASP Top 10 of 2017 list and how insecure design can remediate risk.

What is Threat Modeling?

What is threat modeling? We define threat modeling, provide examples of common techniques, and explain how it relates to the secure software life cycle.

How To Breathe New Life into Your Security Training Program with Games

Gamification is one of the most effective ways to engage and motivate learners.

log4j2 Update

Publish-Subscribe Threat Modeling

How to threat model in a publish-subscribe environment with the STRIDE threat modeling method.

Research Study Results: US Government Agencies Face Numerous Challenges Balancing Software Security & Time to Market Demands

Research Study Results: US Government Agencies Face Numerous Challenges Balancing Software Security & Time to Market Demands

Cloud Computing Trends: The State of Cloud Adoption in 2021

Cloud usage among enterprises continues its upward trends, outpacing the fast-growth expectations of only just a few years ago.

Data Flow Diagrams and Threat Modeling

Threat modeling is not a new concept. However, it would serve us well if we examined where we are today compared to the past. Or more precisely, have we improved?

Threat Modeling: An Essential Cornerstone of DevSecOps Culture

Threat modeling as a proactive practice in software development can help prevent many data breaches. Let's learn about the current state of threat modeling.

How to Transition from PA-DSS to PCI Software Security Framework

Back in 2019, the PCI Security Standard Council replaced the PA-DSS program with the new PCI SSF. Let's learn how you can make your transition smooth.

Improving Cybersecurity: Impact of the U.S. Executive Order

Last month, the Biden administration signed an Executive Order to improve cybersecurity. One aim of the new order is to regulate what the government considers reasonable security practices.

U.S. Federal Government Agencies: SD Elements Embeds Cybersecurity Training Into DevSecOps

Cybersecurity training programs for developers help build a culture of security in your organization as well as raise awareness about secure coding best practices.

How the Financial Industry Can Prepare for Cyber Threats of the Future

Learn about the latest cybersecurity threats to the financial sector and the importance of implementing new tech with an approach of security by design.

NIST 800-53 Revision 5: Preparing for Transition and Ensuring Compliance

After years of anticipation, the NIST SP 800-53 Rev. 5 was released in 2020. Let's learn how federal information systems can ensure compliance with these security controls.

Building the Next Generation of Cybersecurity Consultants: An Interview with Manny Mand

What does it take to grow the next generation of cybersecurity consultants? Manny Mand discusses his cybersecurity journey and role at Hackers for Change.

Confronting Common Container Security Vulnerabilities

Containers are transforming how businesses deploy and use applications. Find out how you can defend your business against common container security risks.

Penetration Testing at the Speed of Agile

When penetration testing in Agile, yearly is not enough. Learn how continuous penetration testing leads to cost savings, time savings, and more secure software.

SD Elements Meets the U.S. DoD Iron Bank Security Requirements

SD Elements is now available in the U.S. DoD Platform One Iron Bank repository which contains authorized container images hardened to the department’s exacting specifications.