Janet Worthington

Senior Analyst

Blog

Never “Too Small For Cybercriminals”: One Town’s Cautionary Tale

Jess Burn June 25, 2024
In a world of Scattered Spiders and Midnight Blizzards and UNC2452s, why is Arlington’s BEC important? Because it’s happening all the time to towns, municipalities, regional health systems, and small businesses lacking the resources to prepare for such an event.

Fortinet Acquires Lacework

Andras Cser June 12, 2024
After a previous sale fell through, Fortinet has announced the acquisition of Lacework for an undisclosed amount, catching some customers by surprise. Get a detailed analysis of the deal including side-by-side product comparisons in this post.

Ludicrous Speed — Because Light Speed Is Too Slow To Secure Your Apps

Janet Worthington June 7, 2024
Code is being released at ludicrous speed today. But without appsec, that code has the potential to introduce significant risk. Learn some of the key trends and benefits to DevSecOps in this post.

Forrester’s RSAC 2024 Themes, Takeaways, And Observations

Jeff Pollard May 15, 2024
More than 41,000 attendees, 600 exhibitors, and 425 sessions. Get some of the key themes and takeaways from the Forrester security & risk analysts who attended RSA Conference (RSAC) 2024.

T&I APAC Wrap-Up: The Good Stuff You Missed From The ForrWomen Session

Janet Worthington November 29, 2023
Women remain underrepresented in the tech and security fields. Get five tips from the recent T&I APAC ForrWomen session on how to change that in your organization.

Serverless Functions Hold A Lot Of Promise … And Potential Security Flaws

Janet Worthington September 21, 2023
Full stack developers are concerned with accessibility, usability, reliability, scalability, and performance. So, who's responsible for the security of an application?

Shift-Everywhere Is The Bullet Train To Secure Software

Janet Worthington June 20, 2023
Application security is in the spotlight with continued breaches due to the vast attack surface applications and their ecosystems provide.

Static Application Security Testing (SAST) Tools Evolve To Keep Pace With Modern Application Delivery

Janet Worthington June 13, 2023
We looked at the top 50 undergraduate computer science programs in the US and found that none require a secure coding or secure application design class. Although 18% did offer electives in secure coding or application security, it’s fair to say that teaching undergrads to develop secure code is not a top priority. Static application […]

The World Lags With SBOM Requirements, But Likely Not For Long

Janet Worthington May 8, 2023
The US Executive Order on Improving the Nation’s Cybersecurity ignited an evolution in software supply-chain security that breaches such as the ones on SolarWinds and Colonial Pipeline fueled. Putting teeth behind the Executive Order, an Office of Management and Budget September 2022 memorandum allows agencies to request a software bill of materials (SBOM) from suppliers. […]

Get A Head Start On The National Cybersecurity Strategy

Jeff Pollard March 2, 2023
This blog outlines Forrester’s existing Security & Risk research to help organizations navigate, manage, and prepare their organizations for the implications of the National Cybersecurity Strategy.

When It Comes To Zero Trust, Nobody Puts Appsec In A Corner

Sandy Carielli February 22, 2023
Zero Trust has seen an increase in adoption over the past few years — Forrester’s Security Survey, 2022, shows that 83% of global large enterprises are reporting that senior leadership has committed their organizations to the adoption of Zero Trust. Aspects of the Zero Trust model continue to be misunderstood, however. The industry is still […]

Responding To The Cybersecurity Signal In The Sky, A Hero Steps Out Of The Shadows: Software Composition Analysis

Janet Worthington February 2, 2023
Software composition analysis (SCA) has lived for many years in the shadow of static application security testing (SAST) and dynamic application security testing (DAST) tools that have commanded bigger budgets, stakeholder attention, and vendor competition. This changed in May of 2021 when President Biden called on the public and private sector to secure the US […]

DevOps Theme Team: 2022 In Review And Looking Ahead To 2023

Julie Mohr December 12, 2022
Happy holidays from the DevOps theme team! Our merry band of Forrester analysts covering enterprise architecture, infrastructure, application development, application security, and technology strategy meets periodically to share research, debate trends, and dive into breaking news. What are a few of the trends and themes that have caught our attention this year? Let’s dive in […]

We Are Living In A Serverless World

Janet Worthington September 8, 2022
In that world, security concerns remain. Here's what leaders and teams need to know.

School Is In Session, But AppSec Is Still On Vacation

Janet Worthington September 6, 2022
The pandemic accelerated organizations’ move to digital work, and the market responded to the increased demand. New applications and features were built, deployed, and released at a rate that previously would not have seemed possible. In Forrester’s Developer Survey, 2022, 67% of developers said they release incremental software changes into production at least monthly, and […]

Déjà Vu As Synopsys Buys DAST

Janet Worthington May 16, 2022
Synopsys announced its intention to acquire WhiteHat from NTT for $330 million in cash. WhiteHat was acquired by the Japanese telecommunications provider NTT back in 2019. The subsidiary was later rebranded to NTT Application Security. In the press release, Synopsys emphasized the strength of the WhiteHat brand, its dynamic application security testing (DAST) offering, and […]

The Secure Everywhere Movement Is Here: Are You On Board?

Janet Worthington May 9, 2022
Attacks on software supply chains are increasing. But so is awareness and spending on security.

Continuous Evolution: In Acquiring Linode, Akamai Looks To Transform Again

Janet Worthington March 16, 2022
Akamai’s announcement last month that it had acquired infrastructure-as-a-service (IaaS) provider Linode addresses a gap in Akamai’s offering and presents an opportunity to disrupt traditional cloud service providers. Akamai’s edge function-as-a-service (FaaS) technology gives companies the ability to manipulate content close to the user with very low latency, but organizations still need to go back […]

Fix The Vulnerability Within: Break Gender Bias In Cybersecurity

Jinan Budge March 7, 2022
Forrester predicts that in 2022, one in 10 experienced security pros will exit the industry. This brain drain is the result of a few dynamics colliding: poor financial and advancement incentives; general stress and burnout impacting security teams; and cybersecurity’s dirty little secret, workplace toxicity! And cybersecurity isn’t immune to the hidden epidemic impacting women’s ability […]

The Top Seven Most Misused Terms In Cybersecurity

Allie Mellen February 23, 2022
When vendors or practitioners use different words to communicate the same thing, confusion ensues. Let's take steps toward settling on a common vocabulary.