Paul Garden
JFrog DevOps & Security Industry Solutions
Paul heads up JFrog’s Industry Solutions function and has a passion for sharing DevOps, Security, and Software Development best practices with enterprises, and the developer and security communities. He leverages 20+ years of experience in Product Management and Product Marketing to create impactful go-to-market campaigns and collateral. Driving usage and adoption of JFrog’s Software Supply Chain Platform is Paul’s primary focus. When he’s not helping developers and DevOps teams keep their software artifacts safe and secure, you can find him playing golf or wine tasting in the Santa Cruz Mountains.
The Latest From Paul Garden
Navigating DORA Compliance: Software Development Requirements for Financial Services Companies
| 8 min read
Regulatory compliance is a common and critical part of today's rapidly evolving financial services landscape. One new regulation that EU financial institutions must adhere to is the Digital Operational Resilience Act (DORA), enacted to enhance the operational resilience of digital financial services. The BCI Supply Chain Resilience Report 2023 highlighted that 45.7% of organizations experienced…
Software Ate the World, but Digital Transformation Can Give You Indigestion
| 7 min read
In today's digitally-driven world, organizations rely heavily on software applications to streamline services, provide operations, engage customers, and drive innovation through digital transformation. Software has also become the lynchpin for securing an entire business’s services and keeping them up and running. Yet, this omnipresent force comes with its own set of challenges. The importance of…
Top DevOps Experts offer Key Insights at swampUP
| 9 min read
With five keynotes and 15 breakout sessions in one day, there was no shortage of important industry knowledge and key insights from this year’s JFrog swampUP DevOps and DevSecOps user conference. Presenters discussed the role of DevOps at Netflix, how Fidelity migrated to the Cloud, the trend of shifting further left than left, and more.…
Announcing JFrog SAST: Build Trust and Release Code With Confidence
| 6 min read
Today’s software applications power almost every aspect of our lives, and ensuring the security of these applications is paramount. Threat actors can cause devastating consequences for companies, leading to financial losses, reputational damage, and legal repercussions. Companies building commercial or in-house applications must adopt robust security measures throughout their software development lifecycle to avoid releasing…
Prevent Credential Exposure in Code
| 5 min read
In today's software development world, developers rely on numerous types of secrets (credentials) to facilitate seamless interaction between application components. As modern applications become more complex and require authentication for services and dependencies, the practice of hardcoding secrets during software development is on the rise. The most common types of credentials are: Application Program Interface…
From zero to breach in seconds: Why you need to focus on software supply chain security now
| 5 min read
The RSA Conference 2023 addressed several key issues and trends in the cybersecurity industry. Generative AI was a key topic of discussion, with attendees, executives and policymakers seeing its potential in both offense and defense in the cybersecurity arms race. The White House's National Cybersecurity Strategy was also a topic of conversation across panels and…
Save time fixing security vulnerabilities much earlier in your SDLC
| 4 min read
Are you or your development team tired of using application security tools that generate countless results, making it difficult to identify which vulnerabilities pose actual risks? Do you struggle with inefficient or incorrect prioritization due to a lack of context? What adds insult to injury is that traditional CVSS scoring methods ignore critical details like…
Advanced DevOps Security With Development Flexibility
| 8 min read
Announcing the general availability of JFrog Xray’s advanced security features in self-hosted subscriptions, organizations have the flexibility to manage and secure their software development pipelines in-house and in the cloud. Since developers and the DevOps infrastructure are the primary attack vector in the software supply chain, we designed our platform and the advanced security features…
Advanced Security in your Software Supply Chain – Part 1
| 5 min read
Containerised deployment is widely becoming a standard in every industry, and ensuring these containers are protected at every level with a high level of accuracy is one of the most important tasks. Some industry vendors rely solely on the manifest files to provide them with a list of components, others have to manually convert the container…
Wolves or Sheep: How Xray Avoids False Positives in Vulnerabilities Scans
| 7 min read
You probably know the story of “the boy who cried ‘Wolf!’” In the ancient fable, villagers tire of a shepherd’s false alarms, and stop paying attention to them. That’s a lesson for software security teams, not just schoolchildren. Raising concerns about threats that turn out to be flimsy or false erodes the trust that binds…