Paul Garden


DevOps & Security Industry Solutions

Paul heads up JFrog’s Industry Solutions function and has a passion for sharing DevOps, Security, and Software Development best practices with enterprises and with the developer and security communities. He leverages 20+ years of experience in Product Management and Product Marketing to create impactful go-to-market campaigns and collateral. Driving usage and adoption of JFrog’s Software Supply Chain Platform is Paul’s primary focus. When he’s not helping developers and DevOps teams keep their software artifacts safe and secure, you can find him playing golf or wine tasting in the Santa Cruz Mountains.

The Latest From Paul Garden

  • Software Ate the World, but Digital Transformation Can Give You Indigestion

    | 7 min read

    In today's digitally-driven world, organizations rely heavily on software applications to streamline services, provide operations, engage customers, and drive innovation through digital transformation. Software has also become the lynchpin for securing an entire business’ services and keeping them up and running. Yet, this omnipresent force comes with its own set of challenges. The importance of…

  • Top DevOps Experts offer Key Insights at swampUP

    | 9 min read

    With five keynotes and 15 breakout sessions in one day, there was no shortage of important industry knowledge and key insights from this year’s JFrog swampUP DevOps and DevSecOps user conference. Presenters discussed the role of DevOps at Netflix, how Fidelity migrated to the Cloud, the trend of shifting further left than left, and more.…

  • Announcing JFrog SAST: Build Trust and Release Code With Confidence

    | 6 min read

    Today’s software applications power almost every aspect of our lives, and ensuring the security of these applications is paramount. Threat actors can cause devastating consequences for companies, leading to financial losses, reputational damage, and legal repercussions. Companies building commercial or in-house applications must adopt robust security measures throughout their software development lifecycle to avoid releasing…

  • Prevent Credential Exposure in Code

    | 5 min read

    In today's software development world, developers rely on numerous types of secrets (credentials) to facilitate seamless interaction between application components. As modern applications become more complex and require authentication for services and dependencies, the practice of hardcoding secrets during software development is on the rise. The most common types of credentials are: Application Program Interface…

  • From zero to breach in seconds: Why you need to focus on software supply chain security now

    | 5 min read

    The RSA Conference 2023 addressed several key issues and trends in the cybersecurity industry. Generative AI was a key topic of discussion, with attendees, executives and policymakers seeing its potential in both offense and defense in the cybersecurity arms race. The White House's National Cybersecurity Strategy was also a topic of conversation across panels and…

  • Save time fixing security vulnerabilities much earlier in your SDLC

    | 4 min read

    Are you or your development team tired of using application security tools that generate countless results, making it difficult to identify which vulnerabilities pose actual risks? Do you struggle with inefficient or incorrect prioritization due to a lack of context? What adds insult to injury is that traditional CVSS scoring methods ignore critical details like…

  • Advanced DevOps Security With Development Flexibility

    | 8 min read

    With the general availability of JFrog Xray’s advanced security features in self-hosted subscriptions, organizations have the flexibility to manage and secure their software development pipelines in-house and in the cloud. Since developers and the DevOps infrastructure are the primary attack vector in the software supply chain, we designed our platform and the advanced security features…

  • Advanced Security in your Software Supply Chain – Part 1

    | 5 min read

    Containerised deployment is becoming a standard in every industry, and ensuring these containers are protected at every level with a high level of accuracy is one of the most important tasks. Some industry vendors rely solely on the manifest files to provide them with a list of components, others have to manually convert the container…

  • Wolves or Sheep: How Xray Avoids False Positives in Vulnerabilities Scans

    | 7 min read

    You probably know the story of “the boy who cried ‘Wolf!’” In the ancient fable, villagers tire of a shepherd’s false alarms, and stop paying attention to them. That’s a lesson for software security teams, not just schoolchildren. Raising concerns about threats that turn out to be flimsy or false erodes the trust that binds…

  • Bring Xray Out of the Box with Dependency and Binary Scanning

    | 5 min read

    Shifting left security means you, the developer, catching and fixing vulnerabilities and license violations early in the SDLC. That’s why Xray scans binaries pushed to Artifactory by your builds, and alerts you when there are issues with your dependencies. But catching them earlier, even before checking in code, can be important for developers shifting left.…
