Jeff Williams

AppSec Observer

Cyberattacks, supply-chain issues, flooding, tsunamis, wildfires, equipment failures and even war: The financial sector has no choice but to keep operations running through all these — among other — types of disruptions, challenges and incidents.  ... Read More

The perimeter cybersecurity model is like the defensive walls that surround ancient cities. For thousands of years, these walls provided stout defense against invaders arriving by horse and on foot.  ... Read More

Ensuring security in the software market is undeniably crucial, but it is important to strike a balance that avoids excessive government regulation and the burdens associated with government-mandated legal responsibility, also called a liability regime. While there's no question the market is broken with regards to security, and intervention is ... Read More

Insight #1 " Feds continue to push aggressive timelines for requiring app/API security “attestations” from software vendors.  OMB 22-18 is the latest and it requires all software vendors to publish a statement disclosing how they ensure their applications are secure by October 2023."   Insight #2 " Organizations are running ... Read More

Part four of the five-part series, Building a modern API security strategy ... Read More

You need an AppSec program.  Software supports your business, and you need to know that attackers can’t kick that ground out from under you. But which is the right path to take for your application security program: Minimal, adversarial or developer-centric? Regardless of what bells and whistles you opt for, ... Read More

Part three of the five-part series, Building a modern API security strategy ... Read More

Part two of the five-part series, Building a modern API security strategy ... Read More

Part one of the five-part series, Building a modern API security strategy ... Read More

The Spring4Shell exploit was, really, quite elegant.  ... Read More