Janet Worthington
Senior Analyst

Author Insights
Blog
Software Composition Analysis Is The AppSec Hero We Deserve AND Need
Get three key insights to consider when purchasing or upgrading your software composition analysis software.
Blog
The State Of Application Security, 2025: Yes, AI Just Made It Harder To Do This Right
Our annual report on the state of application security is one of our favorites. We love digging into the data to see how priorities and adoption have changed. This year, the explosion of AI in applications and in-application development exacerbated existing trends and introduced new concerns. Here are some areas that got our attention. AI […]
Blog
Reduce, Reuse, Recycle! The US Government Applies The Concept To Software Coding
The US government’s SHARE IT Act became law in December 2024, requiring that all custom-developed software be accessed, shared, used, and modified governmentwide. By allowing any federal agency to access and use the code, the SHARE IT Act ensures that the investments in custom-developed software ($12 billion spent annually) are maximized, reducing the need for […]
Blog
Government Leaders: Prioritize Cyber Efficiency Amid Federal Volatility
Government agencies at the federal, state, and local levels must prepare for a future where they experience uncertainty, headcount reductions, contract cancellations, and budget cuts. This is gut-wrenchingly difficult to process, yet remaining leaders must figure out how to move forward to serve the mission. For public sector cybersecurity leaders, this is even more paramount. […]
Blog
Unveiling AI Risks In The Software Supply Chain
In the age of intelligent automation, enterprise business applications (EBAs) are increasingly embedding and integrating sophisticated AI agents to drive efficiency, insights, and innovation.
Blog
Breaches And Lawsuits And Fines, Oh My! What We Learned, The Hard Way, From 2024
With the average cost of a data breach at $2.7 million and 33% of enterprises reporting being breached three or more times over the past 12 months, understanding and learning from past incidents is not just beneficial — it’s essential.
Blog
Google To Acquire CNAPP Specialist Unicorn Wiz For $32 Billion
Learn what the largest-ever acquisition in cybersecurity means both for Google and the CNAPP space.
Blog
Tenable To Acquire Vulcan Cyber: More Consolidation In The Vulnerability Management Market
The proactive security market is consolidating further as exposure management vendor Tenable announced its intent to acquire Vulcan Cyber, a unified vulnerability management (UVM) vendor that specializes in third-party vulnerability collection, vulnerability response, and application security posture management. This acquisition demonstrates how vendors are reacting to CISOs’ continued need to unify and consolidate their fragmented […]
Blog
Highlights And Implications Of Biden’s Executive Order On Strengthening And Promoting Innovation In The Nation’s Cybersecurity
Forrester's security and risk research team breaks down the key highlights and implications of former US President Joe Biden’s 2025 Executive Order (EO) 14144 on strengthening security, improving accountability for software and cloud service providers, and promoting innovation, including use of emerging technologies.
Blog
Rose-Colored Glasses Hide All The Red Flags: Advice From The S&R Forrester Women’s Leadership Program
As has now become a Forrester Security & Risk Summit tradition, a room full of amazing women and a few brave fellas gathered last week as part of the Forrester Women’s Leadership Program to celebrate successes and solve for the many challenges that women face in this field. The theme? “To propel your career in security and risk, choose your advisers and nuggets of advice wisely.”
Blog
Are You Making These DevSecOps Mistakes? The Four Phases You Need To Know Before Your Code Becomes Your Vulnerability
Learn the four key phases of DevSecOps as well as some key best practices to jump-start your transformation in this preview of our upcoming Security & Risk Summit.
Blog
Never “Too Small For Cybercriminals”: One Town’s Cautionary Tale
In a world of Scattered Spiders and Midnight Blizzards and UNC2452s, why is Arlington’s BEC important? Because it’s happening all the time to towns, municipalities, regional health systems, and small businesses lacking the resources to prepare for such an event.
Blog
Fortinet Acquires Lacework
After a previous sale fell through, Fortinet has announced the acquisition of Lacework for an undisclosed amount, catching some customers by surprise. Get a detailed analysis of the deal including side-by-side product comparisons in this post.
Blog
Ludicrous Speed — Because Light Speed Is Too Slow To Secure Your Apps
Code is being released at ludicrous speed today. But without appsec, that code has the potential to introduce significant risk. Learn some of the key trends and benefits to DevSecOps in this post.
Blog
Forrester’s RSAC 2024 Themes, Takeaways, And Observations
More than 41,000 attendees, 600 exhibitors, and 425 sessions. Get some of the key themes and takeaways from the Forrester security & risk analysts who attended RSA Conference (RSAC) 2024.
Blog
T&I APAC Wrap-Up: The Good Stuff You Missed From The ForrWomen Session
Women remain underrepresented in the tech and security fields. Get five tips from the recent T&I APAC ForrWomen session on how to change that in your organization.
Blog
Serverless Functions Hold A Lot Of Promise … And Potential Security Flaws
Full stack developers are concerned with accessibility, usability, reliability, scalability, and performance. So, who's responsible for the security of an application?
Blog
Shift-Everywhere Is The Bullet Train To Secure Software
Application security is in the spotlight with continued breaches due to the vast attack surface applications and their ecosystems provide.
Blog
Static Application Security Testing (SAST) Tools Evolve To Keep Pace With Modern Application Delivery
We looked at the top 50 undergraduate computer science programs in the US and found that none require a secure coding or secure application design class. Although 18% did offer electives in secure coding or application security, it’s fair to say that teaching undergrads to develop secure code is not a top priority. Static application […]
Blog
The World Lags With SBOM Requirements, But Likely Not For Long
The US Executive Order on Improving the Nation’s Cybersecurity ignited an evolution in software supply-chain security that breaches such as the ones on SolarWinds and Colonial Pipeline fueled. Putting teeth behind the Executive Order, an Office of Management and Budget September 2022 memorandum allows agencies to request a software bill of materials (SBOM) from suppliers. […]
More posts