The latest trends and tips in DevSecOps through instrumentation and Security Observability.

Subscribe To Blog

Erik Costlow, Director of Developer Relations

Erik Costlow was Oracle’s principal product manager for Java 8 and 9, focused on security and performance. His security expertise involves threat modeling, code analysis, and instrumentation of security sensors. He is working to broaden this approach to security with Contrast Security. Before becoming involved in technology, Erik was a circus performer who juggled fire on a three-wheel vertical unicycle.

The Trojan Source is Not Your Mane Problem

A recently published paper provides a logo and slick polish for an old vulnerability about the ability of certain unicode characters to render differently for human reviewers than the machines that execute the instructions.

Continue Reading >>

Contrast Meets Kenna: Teaming Up To Manage Vulnerabilities

A new joint solution from Contrast Security and Kenna Security enables organizations to manage vulnerabilities in one location with fewer false positives to simplify application security programs on both custom and third-party code.

Continue Reading >>

Secure Coding with Go

All Systems Go—Except Application Security

Google Go (also known as Golang) continues its role as a popular software language that enables developers to ship quality code at a rapid pace. Its genesis can be traced back to when Google engineers..

Continue Reading >>

SolarWinds Hack Exposes Long Overdue Prioritization of Software Security

With more news emerging on the SolarWinds cyberattack, its severity and ubiquitous reach continue to expand. Many are now heralding it as the “hack of the decade.” It exposed “god access” to the perpetrators, allegedly granting access to over ..

Continue Reading >>

What Role Should Social Media Play in Discovering Vulnerabilities?

New research from the Pacific Northwest National Laboratory (PNNL) Data Sciences and Analytics Group shows that 25% of vulnerabilities appear on social media before the National Vulnerability Database (NVD). And it takes an average of nearly 90..

Continue Reading >>

Assessing API Security Risks, Plotting a Solution

Application programming interfaces (APIs) are increasingly opening paths to vulnerabilities further down in application architectures. But legacy security testing approaches and firewalls are an inefficient and ineffective approach to securing..

Continue Reading >>

Protect Sensitive Data, Reduce Risk, and Gain Regulatory Compliance with Embedded Data Security

Sensitive data often leaks out through applications. The privacy risk is not developer negligence, but rather misplaced trust in pre-General Data Protection Regulation (GDPR) solutions and infrastructure. Enterprises should turn to modern AppSec..

Continue Reading >>

Changing the AppSec Game with Security Instrumentation


Continue Reading >>

Security Concerns Remain with Containers and Kubernetes Per New Report

When it comes to organizational growth and the fast pace of doing business, DevOps is a key enabler in the transformation of a company. Containers play a significant role in this evolution, helping organizations to modernize faster by making it..

Continue Reading >>

Coalfire PCI Compliance & Contrast Security

Contrast Assess and Protect recently went through an independent evaluation by CoalFire, a respected Payment Card Industry (PCI) and Payment Application (PA) Qualified Security Assessor Company (QSAC).

Continue Reading >>