The hottest Application Security Substack posts right now

And their main takeaways
Resilient Cyber 99 implied HN points 20 Aug 24
  1. Application Detection & Response (ADR) is becoming important because attackers are increasingly targeting application vulnerabilities. This shift means we need better tools that focus specifically on applications.
  2. Modern software systems are complex, making it hard for traditional security tools to catch real threats. That's why understanding how these systems interact can help identify harmful behavior more effectively.
  3. There’s a big push to find and fix security issues early in the development process. However, this focus on early detection often misses what's actually happening in real-life applications, making runtime security like ADR crucial.
Resilient Cyber 39 implied HN points 27 Aug 24
  1. CISOs and security leaders need to understand Directors & Officers insurance due to increasing legal troubles. Knowing how to protect themselves from litigation is becoming essential.
  2. AI is making big changes in development, as shown by Amazon's claim of saving thousands of developer years. This shows a trend towards AI taking over more coding tasks.
  3. The application security market is very complicated. It's important to grasp what tools and strategies work best to secure software without getting lost in all the technical jargon.
Boring AppSec 23 implied HN points 27 Jan 26
  1. Big tech's new AppSec tools are mostly demo-quality right now and aren't yet as capable as mature security products.
  2. This puts pressure on AppSec teams to justify buying dedicated tools or accept platform solutions, shifting the burden of proof onto security teams.
  3. The labs are motivated to build AppSec because LLMs generate lots of code and overwhelm review capacity, so more serious products will likely appear soon while platform and specialist vendors continue to coexist.
Frankly Speaking 355 implied HN points 16 Aug 23
  1. Snyk is a developer-focused application security product that integrates security into the development process.
  2. Snyk's core product is a software composition analysis (SCA) tool that quickly detects vulnerabilities in dependencies.
  3. Despite its success, Snyk, like every startup, could still fail.
Resilient Cyber 99 implied HN points 10 May 23
  1. It's important to shift security measures smartly rather than just shifting them left in the development cycle. We need the right context to effectively identify real risks in applications.
  2. Many security tools produce a lot of noise and false positives, which frustrates developers. If security teams provided context-rich insights instead, everyone could work better together.
  3. There’s a cultural gap where security teams dump problems on developers without proper context, leading to resentment. Improving communication and collaboration can help avoid this issue.
Let Us Face the Future 119 implied HN points 19 Oct 23
  1. Application-level security is crucial and there is a trend towards 'shift-up' in data security.
  2. Compliance with NIST standards is a significant factor for adoption in regulated industries.
  3. The NIST PQC standardization process will drive wider adoption of cryptographic tools.
Infra Weekly Newsletter 13 implied HN points 11 Jun 23
  1. Release management for Snaps is made simpler by the progressive release feature.
  2. A technical deep-dive into Ubuntu's real-time kernel, explained by Edoardo Barbieri.
  3. A guide to deploying a Kubernetes development environment with Kind, for setting up local Kubernetes clusters.
The Security Industry 5 implied HN points 05 Dec 23
  1. There is speculation that the two-year drought in cybersecurity IPOs may end in 2024.
  2. Some cybersecurity vendors are growing but are being taken private instead of staying public.
  3. Companies with over 1,000 employees and strong growth rates might be ready for IPOs in the cybersecurity sector.