Security Compass Blog

Quantifying Increased Productivity with SD Elements

Measuring the Economic Impact of SD Elements: A New Research Study

Many solutions claim to help organizations build more secure software, but measuring the value provided by those solutions compared to its economic and organizational costs can be difficult.

10 Proven Best Practices for Secure API Development

This post is a guide and reference for API developers that covers best practices in API security, threat modeling, and API design and development.

Microservices and What You Need to Know About Their Security

While adopting a microservices architecture can accelerate development and simplify maintenance and deployment, each microservice can present new security concerns.

Understanding Threat Modeling and Executive Order 14028

When the Biden Administration issued EO 14028, NIST recommended threat modeling as one measure to improve the security and integrity of software. Learn how to threat model effectively and efficiently.

How to Best Threat Model Cloud-Native Applications

In this article, learn the best way to threat model cloud applications. We'll discuss the security challenges presented, considerations that need to be made, and what future technology looks like.

Why You Need to Create an Effective Security Champion Program

Developers are critical to your organizational security culture. We share three steps to enlisting them in an effective security champion program to foster such a culture.

Three Important Steps to Launching a Successful Security Training Program

Our experts provide a step-by-step guide to launching a successful, engaging cybersecurity training program.

How to Build Interest and Excitement for Your Security Training Program

Security and compliance training may be compulsory but it doesn't need to be dreaded. We offer a step-by-step guide to ramp up the excitement about the start of a new training program.

The Second Annual Equilibrium Conference Focused on Product Security

Join us at #EQ22 to uncover what it takes to build strong product security for today and tomorrow.

Security Compass Advisory is Now Part of Kroll

Security Compass Advisory is Now Part of Kroll

What is DevSecOps and How Can You Start or Mature A Program?

DevSecOps organizations need to incorporate security from the beginning of their development process. We discuss the differences between DevOps and DevSecOps, and how to achieve the latter.

A Security Champions Program: What It Is and Why You Need One

A security champions program will help you anticipate and address growing security threats. Learn how to create security champions within your organization — and why you need them.

Expert Advice on How to Attain Authority to Operate (ATO) Faster

Our experts discuss the challenges teams encounter as they obtain Authority to Operate, and how to shift left to obtain ATO at speed and scale.

Three Steps to Effective Security Training For Your Organization

Security training is vital for organizations. The steps in this article will ensure that you’re training your team effectively, and teaching them to keep your systems and data as secure as possible.

How to Automate Threat Modeling to Save Time and Money, and Mitigate Risk

How to Avoid the OWASP Top 10 List of Software Vulnerabilities and Risks

Find out what security vulnerabilities have changed since the OWASP Top 10 of 2017 list and how insecure design can remediate risk.

What is Threat Modeling?

What is threat modeling? We define threat modeling, provide examples of common techniques, and explain how it relates to the secure software life cycle.

How To Breathe New Life into Your Security Training Program with Games

Gamification is one of the most effective ways to engage and motivate learners.