The Qwiet blog

We all do it. When we are recalling a story or something that happened in our lives, we fill in the “fuzzy” areas with what we believe to be the truth. It’s human nature to embellish somewhat or simply fill in the blanks with what could be facts based on our recollection, but often are […]

For a lot of programmers, Python is their “love language.” Easy to learn and use, Python is perfect for building cutting-edge machine learning and cloud computing projects. Unfortunately, knowing that programmers love Python, malicious actors have started targeting the Python Package Index (PyPI) as part of supply chain attacks.  As researchers identify more malicious Python […]

Shipping your software – and doing it on time – may be your first priority as a developer. However, as your company shifts security left, you need to build it into your processes while still meeting estimated timelines. Now you need to manage cross-functional communications and respond to seemingly competing priorities. You’re trying to debug […]

Shortcomings of static program analysis in practice Creating programs that analyze other programs is a fascinating idea in itself. It hurts me to say that static code analysis has a remarkably bad reputation among practitioners. If you have performed security assessments and used these tools, you may agree that pinpointing the concrete shortcomings of these […]

According to the 1980’s cartoon G.I. Joe, “knowing is half the battle.” Unfortunately, threat actors often have more information than their targets, which is why they’re so successful. For developers and AppSec teams, having information about threat actor tactics, techniques, and procedures (TTPs) helps even the digital battlefield.  Threat intelligence feeds provide data about malicious […]

The National Cybersecurity Strategy Implementation Plan plays a vital role in safeguarding the digital infrastructure of the nation. This comprehensive plan, outlined by the White House, is comprised of three pillars and sets forth a roadmap to enhance cybersecurity measures across various sectors.  Pillar Three of the implementation plan focuses on the need for developers […]

Software engineers’ ideal state includes being able to work with minimal disruption. This “flow state” is when they are most productive and have the best chance of delivering the products and features they are tasked with producing within the required timeline. Whenever something adversely impacts their flow state productivity, mental health, and overall effectiveness may […]

Our customers have repeatedly communicated a desire to deliver secure software without compromising software delivery timelines. At the same time, they have frequently reported that traditional software composition analysis (SCA) tools create an overwhelming number of open-source vulnerability tickets.   To quantify the problem, we ran an experiment with a cross-section of our customers. An analysis […]

There has been rapid digital transformation in the healthcare industry in recent years. While this has brought numerous benefits, it has also opened up new avenues for cyber threats and vulnerabilities. One such example is the Medtronic cardiac device security vulnerability, which has prompted the Cybersecurity and Infrastructure Security Agency (CISA) to issue an advisory […]