Skip to main content
Application Security Standards

About Application Security Standards

Application Security Standards is an independent publication and vendor directory covering the application security and software supply chain space. It is published by Accessibility.com, LLC, a media company that operates focused publications and directories in compliance-adjacent fields.

We exist because security teams shouldn't have to wade through marketing copy and analyst paywalls to figure out what's actually happening in this market — which vendors do what, which threats are emerging, and which approaches are working in practice.

What We Cover

We focus on application security and the software supply chain. The directory currently covers vendors across the major AppSec categories, including Application Security Posture Management (ASPM), static and dynamic application security testing (SAST and DAST), software composition analysis (SCA), API security, CI/CD security, secrets management and scanning, and software bill of materials (SBOM).

Our blog covers vendor news, supply chain incidents, and emerging research. The glossary defines terms commonly used across the AppSec field, written for practitioners who want clear, jargon-free reference material.

How Vendors Get Listed

Listings are open. Any company building products in the application security or software supply chain space can submit their listing through our Submit Vendor form. Submissions are reviewed by our editorial team for relevance and basic accuracy before being published.

Listing in the directory is free. We offer paid services for vendors who want to claim and manage their listings, access lead generation, or appear in featured placements. Those conversations happen after a vendor has been listed — they are not a prerequisite for inclusion.

What Verified Means

Verified vendors have completed an additional review process with our editorial team. This includes confirmation of company details, product claims, and a direct point of contact. A verified badge on a listing means we have done that work; an unverified listing means we have not — it does not mean the vendor is illegitimate.

How We Produce Content

Our blog content is produced through an editorial pipeline that combines AI-assisted drafting with human review. We use AI tools to help process incoming news, identify relevant stories, and produce initial drafts. Every published article is reviewed before publication.

We disclose this because we believe readers deserve to know how the content they're reading was produced. If you spot an error in any article, please email us — we correct mistakes promptly and transparently.

How We Make Money

We are funded by services we offer to vendors who choose to work with us beyond the basic free listing. These include claimed listing management, verification services, lead generation, and featured placement.

Free listings are not influenced by these paid relationships. Our editorial content — blog posts, glossary entries, vendor coverage — is produced independently of vendor commercial relationships. Verified status is earned through editorial review, not purchased.

Contact

For editorial inquiries, corrections, press requests, or general questions, email [email protected].

For vendor inquiries — claiming a listing, verification, or lead services — email [email protected].

We aim to respond within two business days.