DevSecOps

January 18, 2023

DEVOPSdigest asked industry experts how they think DevSecOps will evolve and impact the business in 2023 ...

January 13, 2023

DEVOPSdigest and leading IT research firm Enterprise Management Associates (EMA) are teaming up on the EMA-DEVOPSdigest Podcast, a new podcast focused on the latest technologies impacting DevOps and development. In Episode 1, Chris Steffen, Managing Research Director for Information Security, Risk and Compliance Management at EMA, discusses the new Quantum Computing Cybersecurity Preparedness Act and other cybersecurity considerations with Ken Buckler, Research Analyst covering Information Security at EMA ...

January 12, 2023

Ask any developer and most will agree that Git is the most popular software version control (SVC) standard today. Just because it's the most popular, however, doesn't mean it's the most secure. Regardless of whether you're using GitLab, GitHub, or a locally hosted Git server, each has its own security issues that can sneak up on you and start a wave of additional issues ... What can you do to avoid repeating the Git security mistakes of others? Here are a few common Git security pitfalls and pointers to help you navigate them ...

January 10, 2023

In 2023, developers will demand solutions that enable highly available cloud-native SQL Server availability groups (AGs) in containers, including support for Kubernetes (K8s) clusters — across mixed environments and across any type of infrastructure or cloud ...

November 28, 2022

Almost three-quarters of applications in the retail and hospitality sector contain security flaws, but only 25% of these are fixed, according to the State of Software Security (SoSS) report v12 from Veracode ...

November 15, 2022

Data breaches cost US companies an average of $9.4 million — and by 2031, ransomware attacks will happen every two seconds. To address the scourge of cybercrime, we must all become data protectionists ...

November 14, 2022

Mobile DevSecOps as it's currently implemented has a big problem: it's too slow and inefficient to keep up with the constantly evolving threat landscape. In the typical way of doing things, common tools like pen testing and code scanning identify known vulnerabilities, and the mobile app is then booted back to the development team where they manually add whatever protection they can within the time they have ...

November 09, 2022

If you're a developer or you manage an enterprise software application, you may have been asked about the components in your application. Why do people want to know? Customers want to trust your application, they want your application to be secure. Enterprise vendors and government bodies want to know because they're concerned with security issues for their customers using your software ...

October 31, 2022

We recently published The API Security Disconnect: API Security Trends in 2022, which reveals some striking disconnects between the respondents' experiences with API security incidents, their lack of awareness of their own APIs, and their confidence in cloud service providers and others to provide API security. The findings are more relevant today ...

October 26, 2022

Living in an API-dominated world poses unique challenges and risks to companies of every size. With ever-increasing digitalization, business leaders must look at traditional security measures in place and assess if they still adequately protect the organization from growing API threats ...

October 24, 2022

Most CIOs (82%) say their organizations are vulnerable to cyberattacks targeting software supply chains, according to a global study of 1,000 CIOs conducted by Venafi ...

October 20, 2022

Four-fifths (80%) of organizations have experienced at least one severe cloud security incident in the past year (such as data breaches, data leaks, and intrusions into their environment), according to the State of Cloud Security Report from Snyk ...

October 18, 2022

The federal government has been quite busy building its case that both the private and public sectors need to address software supply chain risk head-on. However ... for the many software organizations out there that do not work directly with the federal government, what can serve as their source of truth for software supply chain security? ...

October 17, 2022

Ever experience a serverless nightmare? ... Read on for what we see as the top three serverless mistakes that can similarly get you into trouble ...

October 06, 2022

Monorepos — or the use of a single repository for every part of an application — have been around since before git was invented in 2005. This is in contrast with the more recent approach of having separate repositories for each service and the underlying infrastructure. In recent years, however, they've come back in vogue thanks to top engineering organizations such as Google, Facebook, and Uber all publicly stating that they use monorepos ...

October 04, 2022

The term "shift left" has been thrown around by the AppSec industry for years ... The concept is a good one. The shorter the gap between adding a vulnerability and finding it, the cheaper it is to fix. But today, in the DevOps era, shifting left isn't quite as clear. Two key parts are missing ...

October 03, 2022

With the evolution of the software industry, there's a challenge in building a culture around the CISO and engineering: a culture built on data and security. More people involved in the software delivery process, especially stakeholders, means more collaboration is needed, which can lead to a culture built on data and security ...

September 28, 2022

Cybersecurity attacks increase each year over the holidays, and considering the spike in supply chain-based and zero-day attacks as of late, the 2022 holiday season is bound to be more extreme ... Here are three steps business and security leaders can take now to bolster security for the holiday season ...

September 26, 2022

For such an open, customizable platform, Jenkins provides decent security even in its default state. Given it connects to countless industry tools, though, there are a few other ways to help protect your projects. In this post, we look at some of the methods and tools to keep your Jenkins instance safe, secure, and protect those using it ...

August 30, 2022

A new report from observability data platform provider Mezmo and Enterprise Strategy Group (ESG) shows that the current adoption of DevSecOps is low but it's poised for future growth. Based on a survey of 200 DevOps and IT/information security professionals, only 22% of organizations have a formal DevSecOps strategy, but 62% are evaluating use cases or have a plan to implement it ...

August 25, 2022

Part of the key to Kubernetes security — and the one that is easy to overlook — is the DevOps lifecycle. Kubernetes doesn't exist in a vacuum; in most cases, it leverages infrastructure as code (IaC) and is part of a continuous integration/continuous delivery (CI/CD) pipeline that DevOps teams use to deliver software. To secure Kubernetes, then, you need to secure the code layer, the entire delivery pipeline that feeds into it, and all the elements at each phase ...

August 18, 2022

The speed and complexity created by using multicloud environments, multiple coding languages, and open source software libraries are making vulnerability management more difficult, according to Observability and security must converge to enable effective vulnerability management, a new report from Dynatrace, based on an independent global survey of 1,300 chief information security officers (CISOs) in large-size organizations ...

August 16, 2022

As digitalization continues pushing applications and services to the cloud, many companies discover that traditional security, compliance and observability approaches do not transfer directly to cloud-native architectures. This is the primary takeaway from Tigera's recent The State of Cloud-Native Security report ...

August 10, 2022

In order to move the needle on secure programming, there needs to be a shared understanding of the goals of an improvement program and what it will take to get there. There are four rules we found when we analyzed results from millions of scans ...

August 09, 2022

In the last six months, organizations from Microsoft to the Red Cross have been hit by cybersecurity breaches. Widespread open-source vulnerabilities, such as Log4j and Spring4shell, have also shaken the software industry, reminding us just how entwined source code has become. These recurring incidents raise the question, are we making progress in securing our software? ...