Application Security

Agile development’s cycle of deployments and patches generates ample opportunities for hackers looking for a way in. Application security must be strong, vigilant, and nimble. Read our insights.

Insights

Blog

Security Planning 2026: Budget To Manage Volatility, Seize Opportunities, And Avoid Threats

Jess Burn 18 hours ago
Security and risk leaders face an uncertain road ahead in 2026. Wild market swings, geopolitical tensions, and increased cybersecurity threats mean that security and risk leaders must build resilient plans and make bold moves to turn volatility into opportunity. Learn how our Budget Planning Guide for security and risk leaders can help.
Blog

Announcing The Forrester Wave™: Zero Trust Platforms, Q3 2025 — Choosing A Platform Solution For Your Zero Trust Journey

Carlos Rivera 6 days ago
The latest edition of our Zero Trust platform vendor evaluation, The Forrester Wave™: Zero Trust Platforms, Q3 2025, published today. It highlights how this market continues to improve upon delivering unified solutions that help simplify and operationalize Zero Trust for organizations. Beginning with The Zero Trust Platforms Landscape, Q1 2025, we researched major players in […]
Blog

AWS re:Inforce 2025 — Heavy On User Experience Enhancements, Light On The GenAI Hype

Allie Mellen June 25, 2025
This year's AWS re:Inforce event included a big announcement and revealed other security-related enhancements. Read our top takeaways.
Blog

Make No Mistake — Software Is a Supply Chain, And It’s Under Attack

Janet Worthington June 12, 2025
Software is no longer just code written by a team of enterprise developers — it’s a complex, interconnected supply chain. And like any supply chain, the weakest link makes the entire chain vulnerable.
Blog

Sudo Coming To Windows? Pretty Much, Yeah

Paddy Harrington May 29, 2025
Windows 11 introduces a new security feature that separates admin and user roles, bringing a sudo-like experience to the desktop.
Blog

Software Composition Analysis Is The AppSec Hero We Deserve AND Need

Janet Worthington May 20, 2025
Get three key insights to consider when purchasing or upgrading your software composition analysis software.
Blog

The State Of Application Security, 2025: Yes, AI Just Made It Harder To Do This Right

Sandy Carielli May 15, 2025
Our annual report on the state of application security is one of our favorites. We love digging into the data to see how priorities and adoption have changed. This year, the explosion of AI in applications and in application development exacerbated existing trends and introduced new concerns. Here are some areas that got our attention. AI […]

Blog

RSAC Conference 2025: Innovation Sandbox Turns 20

Sandy Carielli May 7, 2025
RSAC Conference 2025 featured the 20th annual Innovation Sandbox competition. Learn more about the entrants and results in this review of the event.
Blog

RSAC Conference 2025: Welcome To The Petting Zoo

Sandy Carielli May 6, 2025
From live goats and puppies to robot dogs and animal costumes, the RSAC Conference 2025 delivered some unexpected surprises. But it also delivered the usual insight into various trends in the security market today. Find out more in this RSAC review.
Blog

Reduce, Reuse, Recycle! The US Government Applies The Concept To Software Coding

Janet Worthington April 24, 2025
The US government’s SHARE IT Act became law in December 2024, requiring that all custom-developed software be accessed, shared, used, and modified governmentwide. By allowing any federal agency to access and use the code, the SHARE IT Act ensures that the investments in custom-developed software ($12 billion spent annually) are maximized, reducing the need for […]
Blog

Transforming Enterprise Business Apps With Powerful AI Ecosystems And Marketplaces

Linda Ivy-Rosser April 18, 2025
We can’t emphasize enough the importance of interconnected networks and ecosystems to the enterprise application software market. Industry cloud providers and hyperscalers possess several key advantages in nurturing and leading these innovation networks. So what does this acceleration of AI software and services on industry cloud and hyperscaler marketplaces mean? Well, it depends on the […]
Blog

Unveiling AI Risks In The Software Supply Chain

Linda Ivy-Rosser April 16, 2025
In the age of intelligent automation, enterprise business applications (EBAs) are increasingly embedding and integrating sophisticated AI agents to drive efficiency, insights, and innovation.

Blog

RSAC 2025 Early Stage Expo Preview: AppSec, IAM, GenAI, SecOps, And More

Heidi Shey April 8, 2025
As we put together our game plan for what to see at RSA Conference 2025, we wanted to scope out innovation, identify which vendor booths will be a must-see, and (at least for one of us) minimize the number of steps to take around the Moscone Center.
Blog

So There Won’t Be A Wiz IPO — What Does That Mean For Cyber IPOs In 2025?

Merritt Maxim April 3, 2025
Last week’s mega deal of Google acquiring CNAPP provider Wiz for $32 billion has some lamenting the future of IPOs in the cybersecurity space.
Blog

WAFs Are Now The Center Of Application Protection Suites

Sandy Carielli March 20, 2025
Although not a new technology by any stretch, web application firewall (WAF) solutions continue their evolution. Today, WAF solutions are cloud-based and protect applications and APIs in hybrid and multicloud environments. WAF solution vendors have expanded their remit to address API attacks and layer 7 DDoS and are working to integrate WAFs with bot management, […]
Blog

Google To Acquire CNAPP Specialist Unicorn Wiz For $32 Billion

Andras Cser March 19, 2025
Learn what the largest-ever acquisition in cybersecurity means both for Google and the CNAPP space.
Blog

Highlights And Implications Of Biden’s Executive Order On Strengthening And Promoting Innovation In The Nation’s Cybersecurity

Heidi Shey January 21, 2025
Forrester's security and risk research team breaks down the key highlights and implications of former US President Joe Biden’s 2025 Executive Order (EO) 14144 on strengthening security, improving accountability for software and cloud service providers, and promoting innovation, including use of emerging technologies.

Blog

Are You Making These DevSecOps Mistakes? The Four Phases You Need To Know Before Your Code Becomes Your Vulnerability

Janet Worthington November 25, 2024
Learn the four key phases of DevSecOps as well as some key best practices to jump-start your transformation in this preview of our upcoming Security & Risk Summit.
Blog

Announcing Forrester’s 2024 Security & Risk Enterprise Leadership Award Winner And Finalist

Stephanie Balaouras November 14, 2024
Learn more about the security strategies that helped Schneider Electric win this year’s Security & Risk Enterprise Leadership Award, which recognizes organizations that have transformed their security, privacy, and risk management functions.
Blog

The API Security Software Landscape, Q3 2024

Madelein van der Hout November 1, 2024
While API discovery and policy enforcement have gained traction, it's time for companies to elevate their approach to API security maturity. Learn how to get started in this preview of a new report.