Janet Worthington
Senior Analyst
Speaking At
Author Insights
Blog
Never “Too Small For Cybercriminals”: One Town’s Cautionary Tale
In a world of Scattered Spiders and Midnight Blizzards and UNC2452s, why is Arlington’s BEC important? Because it’s happening all the time to towns, municipalities, regional health systems, and small businesses lacking the resources to prepare for such an event.
Blog
Fortinet Acquires Lacework
After a previous sale fell through, Fortinet has announced the acquisition of Lacework for an undisclosed amount, catching some customers by surprise. Get a detailed analysis of the deal including side-by-side product comparisons in this post.
Blog
Ludicrous Speed — Because Light Speed Is Too Slow To Secure Your Apps
Code is being released at ludicrous speed today. But without appsec, that code has the potential to introduce significant risk. Learn some of the key trends and benefits to DevSecOps in this post.
Blog
Forrester’s RSAC 2024 Themes, Takeaways, And Observations
More than 41,000 attendees, 600 exhibitors, and 425 sessions. Get some of the key themes and takeaways from the Forrester security & risk analysts who attended RSA Conference (RSAC) 2024.
Blog
T&I APAC Wrap-Up: The Good Stuff You Missed From The ForrWomen Session
Women remain underrepresented in the tech and security fields. Get five tips from the recent T&I APAC ForrWomen session on how to change that in your organization.
Blog
Serverless Functions Hold A Lot Of Promise … And Potential Security Flaws
Full stack developers are concerned with accessibility, usability, reliability, scalability, and performance. So, who's responsible for the security of an application?
Blog
Shift-Everywhere Is The Bullet Train To Secure Software
Application security is in the spotlight with continued breaches due to the vast attack surface applications and their ecosystems provide.
Blog
Static Application Security Testing (SAST) Tools Evolve To Keep Pace With Modern Application Delivery
We looked at the top 50 undergraduate computer science programs in the US and found that none require a secure coding or secure application design class. Although 18% did offer electives in secure coding or application security, it’s fair to say that teaching undergrads to develop secure code is not a top priority. Static application […]
Blog
The World Lags With SBOM Requirements, But Likely Not For Long
The US Executive Order on Improving the Nation’s Cybersecurity ignited an evolution in software supply-chain security that breaches such as the ones on SolarWinds and Colonial Pipeline fueled. Putting teeth behind the Executive Order, an Office of Management and Budget September 2022 memorandum allows agencies to request a software bill of materials (SBOM) from suppliers. […]
Blog
Get A Head Start On The National Cybersecurity Strategy
This blog outlines Forrester’s existing Security & Risk research to help organizations navigate, manage, and prepare their organizations for the implications of the National Cybersecurity Strategy.
Blog
When It Comes To Zero Trust, Nobody Puts Appsec In A Corner
Zero Trust has seen an increase in adoption over the past few years — Forrester’s Security Survey, 2022, shows that 83% of global large enterprises are reporting that senior leadership has committed their organizations to the adoption of Zero Trust. Aspects of the Zero Trust model continue to be misunderstood, however. The industry is still […]
Blog
Responding To The Cybersecurity Signal In The Sky, A Hero Steps Out Of The Shadows: Software Composition Analysis
Software composition analysis (SCA) has lived for many years in the shadow of static application security testing (SAST) and dynamic application security testing (DAST) tools that have commanded bigger budgets, stakeholder attention, and vendor competition. This changed in May of 2021 when President Biden called on the public and private sector to secure the US […]
Blog
DevOps Theme Team: 2022 In Review And Looking Ahead To 2023
Happy holidays from the DevOps theme team! Our merry band of Forrester analysts covering enterprise architecture, infrastructure, application development, application security, and technology strategy meets periodically to share research, debate trends, and dive into breaking news. What are a few of the trends and themes that have caught our attention this year? Let’s dive in […]
Blog
We Are Living In A Serverless World
In that world, security concerns remain. Here's what leaders and teams need to know.
Blog
School Is In Session, But AppSec Is Still On Vacation
The pandemic accelerated organizations’ move to digital work, and the market responded to the increased demand. New applications and features were built, deployed, and released at a rate that previously would not have seemed possible. In Forrester’s Developer Survey, 2022, 67% of developers said they release incremental software changes into production at least monthly, and […]
Blog
Déjà Vu As Synopsys Buys DAST
Synopsys announced its intention to acquire WhiteHat from NTT for $330 million in cash. WhiteHat was acquired by the Japanese telecommunications provider NTT back in 2019. The subsidiary was later rebranded to NTT Application Security. In the press release, Synopsys emphasized the strength of the WhiteHat brand, its dynamic application security testing (DAST) offering, and […]
Blog
The Secure Everywhere Movement Is Here: Are You On Board?
Attacks on software supply chains are increasing. But so is awareness and spending on security.
Blog
Continuous Evolution: In Acquiring Linode, Akamai Looks To Transform Again
Akamai’s announcement last month that it had acquired infrastructure-as-a-service (IaaS) provider Linode addresses a gap in Akamai’s offering and presents an opportunity to disrupt traditional cloud service providers. Akamai’s edge function-as-a-service (FaaS) technology gives companies the ability to manipulate content close to the user with very low latency, but organizations still need to go back […]
Blog
Fix The Vulnerability Within: Break Gender Bias In Cybersecurity
Forrester predicts that in 2022, one in 10 experienced security pros will exit the industry. This brain drain is the result of a few dynamics colliding: poor financial and advancement incentives; general stress and burnout impacting security teams; and cybersecurity’s dirty little secret, workplace toxicity! And cybersecurity isn’t immune to the hidden epidemic impacting women’s ability […]
Blog
The Top Seven Most Misused Terms In Cybersecurity
When vendors or practitioners use different words to communicate the same thing, confusion ensues. Let's take steps toward settling on a common vocabulary.
More posts