Janet Worthington

Our annual report on the state of application security is one of our favorites. We love digging into the data to see how priorities and adoption have changed. This year, the explosion of AI in applications and in-application development exacerbated existing trends and introduced new concerns. Here are some areas that got our attention. AI […]

The US government’s SHARE IT Act became law in December 2024, requiring that all custom-developed software be accessed, shared, used, and modified governmentwide. By allowing any federal agency to access and use the code, the SHARE IT Act ensures that the investments in custom-developed software ($12 billion spent annually) are maximized, reducing the need for […]

Government agencies at the federal, state, and local levels must prepare for a future where they experience uncertainty, headcount reductions, contract cancellations, and budget cuts. This is gut-wrenchingly difficult to process, yet remaining leaders must figure out how to move forward to serve the mission. For public sector cybersecurity leaders, this is even more paramount. […]

In the age of intelligent automation, enterprise business applications (EBAs) are increasingly embedding and integrating sophisticated AI agents to drive efficiency, insights, and innovation.

With the average cost of a data breach at $2.7 million and 33% of enterprises reporting being breached three or more times over the past 12 months, understanding and learning from past incidents is not just beneficial — it’s essential.

Learn what the largest-ever acquisition in cybersecurity means both for Google and the CNAPP space.

The proactive security market is consolidating further as exposure management vendor Tenable announced its intent to acquire Vulcan Cyber, a unified vulnerability management (UVM) vendor that specializes in third-party vulnerability collection, vulnerability response, and application security posture management. This acquisition demonstrates how vendors are reacting to CISOs’ continued need to unify and consolidate their fragmented […]

Forrester's security and risk research team breaks down the key highlights and implications of former US President Joe Biden’s 2025 Executive Order (EO) 14144 on strengthening security, improving accountability for software and cloud service providers, and promoting innovation, including use of emerging technologies.

As has now become a Forrester Security & Risk Summit tradition, a room full of amazing women and a few brave fellas gathered last week as part of the Forrester Women’s Leadership Program to celebrate successes and solve for the many challenges that women face in this field. The theme? “To propel your career in security and risk, choose your advisers and nuggets of advice wisely.”

Learn the four key phases of DevSecOps as well as some key best practices to jump-start your transformation in this preview of our upcoming Security & Risk Summit.

In a world of Scattered Spiders and Midnight Blizzards and UNC2452s, why is Arlington’s BEC important? Because it’s happening all the time to towns, municipalities, regional health systems, and small businesses lacking the resources to prepare for such an event.

After a previous sale fell through, Fortinet has announced the acquisition of Lacework for an undisclosed amount, catching some customers by surprise. Get a detailed analysis of the deal including side-by-side product comparisons in this post.

Code is being released at ludicrous speed today. But without appsec, that code has the potential to introduce significant risk. Learn some of the key trends and benefits to DevSecOps in this post.

More than 41,000 attendees, 600 exhibitors, and 425 sessions. Get some of the key themes and takeaways from the Forrester security & risk analysts who attended RSA Conference (RSAC) 2024.

Women remain underrepresented in the tech and security fields. Get five tips from the recent T&I APAC ForrWomen session on how to change that in your organization.

Full stack developers are concerned with accessibility, usability, reliability, scalability, and performance. So, who's responsible for the security of an application?

Application security is in the spotlight with continued breaches due to the vast attack surface applications and their ecosystems provide.

We looked at the top 50 undergraduate computer science programs in the US and found that none require a secure coding or secure application design class. Although 18% did offer electives in secure coding or application security, it’s fair to say that teaching undergrads to develop secure code is not a top priority. Static application […]

The US Executive Order on Improving the Nation’s Cybersecurity ignited an evolution in software supply-chain security that breaches such as the ones on SolarWinds and Colonial Pipeline fueled. Putting teeth behind the Executive Order, an Office of Management and Budget September 2022 memorandum allows agencies to request a software bill of materials (SBOM) from suppliers. […]