Check Point® Software Technologies Ltd.(link is external) announced that its Quantum Firewall Software R82 — the latest version of Check Point’s core network security software delivering advanced threat prevention and scalable policy management — has received Common Criteria EAL4+ certification, further reinforcing its position as a trusted security foundation for critical infrastructure, government, and defense organizations worldwide.
The Top Tools to Support DevSecOps - Part 5
May 31, 2018
DEVOPSdigest asked experts from across the IT industry — from analysts and consultants to users and the top vendors — for their opinions on the top tools to support DevSecOps. Part 5, the last installment, offers some final thoughts about "tools" that are not necessarily technology.
Start with The Top Tools to Support DevSecOps - Part 1
Start with The Top Tools to Support DevSecOps - Part 2
Start with The Top Tools to Support DevSecOps - Part 3
Start with The Top Tools to Support DevSecOps - Part 4
THE RIGHT PEOPLE
Investment in quality people is the single best investment in tooling an organization can make to support DevSecOps. From the executives that need to make the command decisions that weigh risk versus business goal, to the developers writing the applications, to the security teams that are trying to implement "Security at the Speed of Code." Without an investment in quality people, you end up with a hamstrung environment where even the most modest security practices are overlooked in favor of doing what is "easy" or "nimble." The "fail fast" mantra of DevOps should not be applied to a security program wherein the consumer bears all the weight of an unfortunate event.
John Stauffacher
Director - Offensive Security, Trace3(link is external)
DEVSECOPS CULTURE
Your most important tool needed for DevSecOps isn't a actually tool, or even a process: it's culture. You can influence culture — having support from the top is vital — but you can't prescribe it. Instead, you'll need to build a multi-disciplinary team of enthusiasts: not just security experts, but auditors, docs, ops and testing people and beyond. You'll help them through failures and successes, and then encourage them to spread the word across your organization: they become your most important tool for success.
Mike Bursell
Chief Security Architect, Red Hat(link is external)
DevSecOps is a culture and hence implementing it is mainly a mindset change. The tools will only drive the change, but the most important part is to go from having separate teams with siloed responsibilities in the software development lifecycle to having teams that are fully responsible for implementing, testing and running their code in production.
Isa Vilacides
Quality Engineering Manager, CloudBees(link is external)
COLLABORATION
Probably the most critical tool when trying to bring security colleagues along on your DevOps transformation is a whiteboard and a stack of post-it notes. Fundamentally the collaboration will rise or fall based on how well people from different teams and with different skills work together. Getting everyone physically together upfront, taking people away from how things work day-to-day, and holding a well organized and well run set of workshops is a great first step on your DevOps journey.
Gareth Rushgrove
Product Manager, Docker(link is external)
EMPATHY
Simply putting developers and security people into the same cube farm and telling them to work together won't work, of course — and will likely be counterproductive. Collaboration is key — but even the best collaboration tool in the world won't facilitate cooperation among people who feel they are in an adversarial relationship with each other. Just as with DevOps itself, therefore, the most important tool for DevSecOps is empathy — the ability to put yourself into the other person's shoes and see the problem space from their point of view. Once the team has sufficient empathy for each other, collaboration tooling is important to be sure — but tools don't make high-performance teams.
Jason Bloomberg
President, Intellyx(link is external)
Industry News
May 01, 2025
May 01, 2025
Postman announced full support for the Model Context Protocol (MCP), helping users build better AI Agents, faster.
May 01, 2025
Opsera announced new Advanced Security Dashboard capabilities available as an extension of Opsera's Unified Insights for GitHub Copilot.
May 01, 2025
Lineaje launched new capabilities including Lineaje agentic AI-powered self-healing agents that autonomously secure open-source software, source code and containers, Gold Open Source Packages and Gold Open Source Images that enable organizations to source trusted, pre-fixed open-source software, and a software crawling and analysis engine, SCA360, that discovers and contextualizes risks at all software development stages.
April 30, 2025
Check Point® Software Technologies Ltd.(link is external) launched its inaugural AI Security Report(link is external) at RSA Conference 2025.
April 30, 2025
Lenses.io announced the release of Lenses 6.0, enabling organizations to modernize applications and systems with real-time data as AI adoption accelerates.
April 30, 2025
Sonata Software has achieved Amazon Web Services (AWS) DevOps Competency status.
April 29, 2025
vFunction® announced significant platform advancements that reduce complexity across the architectural spectrum and target the growing disconnect between development speed and architectural integrity.
April 29, 2025
Sonatype® introduced major enhancements to Repository Firewall that expand proactive malware protection across the enterprise — from developer workstations to the network edge.
April 29, 2025
Aqua Security introduced Secure AI, full lifecycle security from code to cloud to prompt.
April 29, 2025
Salt Security announced the launch of the Salt Model Context Protocol (MCP) Server, giving enterprise teams a novel access point of interaction with their API infrastructure, leveraging natural language and artificial intelligence (AI).
April 28, 2025
The Cloud Native Computing Foundation® (CNCF®), which builds sustainable ecosystems for cloud native software, announced the graduation of in-toto, a software supply chain security framework developed at the NYU Tandon School of Engineering.
April 28, 2025
SnapLogic announced the launch of its next-generation API management (APIM) solution, helping organizations accelerate their journey to a composable and agentic enterprise.
April 28, 2025
Apiiro announced Software Graph Visualization, an interactive map that enables users to visualize their software architectures across all components, vulnerabilities, toxic combinations, blast radius, data exposure and material changes in real time.
April 24, 2025
Check Point® Software Technologies Ltd.(link is external) and Illumio, the breach containment company, announced a strategic partnership to help organizations strengthen security and advance their Zero Trust posture.
