Press mentions, expert quotes, webinar recordings, and authored articles on application security, DevSecOps, and AI in security testing.
"Thirty years back, we did manual code reviews — that art died somehow. Now you can do this with an AI tool, allowing you to interact with the results, and maybe that's building a new industry for us again."
"Until independent researchers with access can run their own evaluations, healthy skepticism is the appropriate posture. The claims can't be tested, so they can't be fully trusted or refuted."
"What's really striking here is the pace. Project Glasswing is about connecting vulnerabilities into far more complex attack paths in a fraction of the time it used to take."
"This doesn't rewrite what a good application security programme looks like. Governance, process and expertise to fix things properly remain essential — AI doesn't change that."
"AI-assisted code scanning can improve developer productivity, but it cannot replace the broader visibility, governance, and risk management required to secure modern software ecosystems."
Expert commentary on legacy code maintainability — records and manuals rarely existed, which makes troubleshooting much more difficult today.
Expert guidance on World Password Day — recommendations for complex password enforcement, two-factor authentication, and password hashing best practices. (German)
How organisations can consolidate testing types to save time and money using a unified AppSec platform — covering cloud-based AppSec solutions and scaling security across multiple applications.
Scanning code at every stage of the software development lifecycle — how to implement a security-first approach without slowing down delivery teams.
Why multiple testing types are required for effective application security — data on fix rates for organisations that use multiple testing approaches vs. those that rely on just one.
Approaches that embrace the secure use of containers in CI/CD pipelines — covering container image scanning, base image risk, and how DevOps engineers can address the changing security landscape.
With Karel Kohout (Accenture) — the importance of integrations in modern software development, how to get the most out of GitHub and GitLab integrations, and how Accenture helps clients build mature AppSec programs.
A practitioner's framework for integrating security into DevOps pipelines — covering the five foundational principles that separate organisations that talk about security from those that actually ship it.
Step-by-step integration of comprehensive software security scanning into GitHub workflows — how Veracode's capabilities make it an optimal choice for software scanning requirements in development environments.
How organisations adapted their AppSec posture through 2020's rapid digital transformation and cloud acceleration — and why securing the software supply chain became non-negotiable.
How application security programs help organisations meet data breach notification obligations and compliance frameworks — with a practical view of the tools and processes that matter most.
Practical guidance on handling open-source security risks — software composition analysis and managing dependency risk in modern development pipelines. (German)
How engineering teams can move fast without sacrificing security — the cultural and tooling changes that make DevSecOps a reality rather than just a buzzword. (German)
Practical tips for secure development with open-source components — vulnerability management, licence risk, and SCA practices developers will actually follow. (German)
Julian is available to comment, provide background briefings, or be quoted on the following topics. Rapid turnaround for journalists on deadline.
Available for expert commentary, interviews, and panel contributions on application security, DevSecOps, and AI in security testing. Quick turnaround for journalists on deadline.