DevSecOps

June 20, 2019

Alongside the general emphasis in the industry on making software development safer, the growing use of more complex programming languages — notably C++ — has added to the challenge. While C++ gives developers far more scope for creativity and innovation, its flexibility makes it easier for individuals to inadvertently create coding errors — take, for example, memory leaks — that can lead to software vulnerabilities ...

June 13, 2019

Responses to our annual Container Adoption Survey — conducted jointly by Portworx and Aqua Security — have shown a clear uptick in how complex containerized applications have become, demonstrating that IT organizations are increasingly confident that container infrastructure can manage business-critical applications. However, this year's responses also suggest a continuing lack of clarity when it comes to who's responsible for container security ...

May 30, 2019

Next-gen application development vendors are branching out into analytics, the Internet of Things, SaaS-based offerings, security and mobile apps to help clients solve business problems, create new growth opportunities and improve profits, according to a new report published by ISG ...

May 16, 2019

Only 40% of organizations are satisfied with their WAF, according to a new Ponemon Institute report – The State of Web Application Firewalls ...

May 13, 2019

We now move on to Step 8 of the Twelve-Factor App, which recommends scaling out via the process model discussed in Step 7 ...

May 07, 2019

I think the single most profound struggle and opportunity in application security is the relationship between developers and security. For the most part, security professionals see developers as unreliable children running with scissors. Conversely, developers see security professionals as antiquated whistleblowers who focus solely on their own job security ...

April 29, 2019

Only 10 percent of organizations report repairing critical vulnerabilities satisfactorily and in a timely manner. However, to understand how to address this problem, we first need to understand the current state of application security ...

April 08, 2019

In this seventh step, the Twelve-Factor methodology encourages integrating the code that handles network traffic inside your running application ...

March 20, 2019

Cloud-based business initiatives are accelerating faster than security organizations' ability to secure them, according to the State of Hybrid Cloud Security Survey from FireMon. The survey revealed 60% of respondents either agreed or strongly agreed that this was happening in their organizations ...

March 11, 2019

Companies are struggling to address the gap that exists between how they're using containers and their level of confidence about security and misconfigurations. The more containers dominate application development, the more imperative it is to integrate container security measures throughout the process, bringing it earlier in the app dev process and integrating it with the orchestration layer. Portability and integration are critical as companies are trying to simultaneously operationalize and secure containers and microservices across hybrid and multi-cloud deployments. The lag between container security and container adoption represents significant risks to individual businesses as well as the broader ecosystem. It's time to close this security gap before it widens, and DevOps has a central role to play ...

March 04, 2019

Step 6 of the Twelve-Factor App methodology encourages executing the app as one or more stateless processes. Here is some actionable security-focused advice which developers and ops engineers can follow during the SaaS build and operations stages ...

February 28, 2019

Given the risks, container security presents unique challenges. But the right tools, practices, and strategies can overcome them. As is the case with any security initiative, there is no silver bullet that will guarantee security of containerized applications, so organizations should use a combination of techniques and solutions suited to their IT governance requirements. Here are some common approaches, including their pros and cons ...

February 27, 2019

To design an effective container security strategy, organizations first need to understand the risks that attackers could exploit to make them leak. If you don't know the risks, how can you avoid them? Here are a few ...

February 21, 2019

Without question, cyberattacks represent a viable threat to a business' bottom line. A new report from Radware shows that security professionals estimate the average cost of a cyberattack in excess of $1.1M. For those organizations that calculate (versus estimate) the cost of an attack, that number increases to $1.67M. The resulting business impacts? Just as alarming ...

February 19, 2019

In the fast-moving world of DevOps, security sometimes got left by the wayside on the way to the next iteration. But today's threat landscape is so perilous that developers need to have solid security top of mind as they design and build applications. This includes features like user authentication, digital signatures, and encryption ...

January 29, 2019

DEVOPSdigest asked DevOps experts for their predictions on how DevSecOps and security-related technologies will evolve and impact DevOps and business in 2019. This is Part 2 ...

January 28, 2019

DEVOPSdigest asked DevOps experts for predictions on how DevSecOps and related technologies will evolve and impact DevOps and business in 2019 ...

January 22, 2019

In 2019, competitive disruption will drive remaining laggards to a DevOps boiling point. As the industry moves to the plateau of productivity with DevOps automation and standard tooling, laggard executives will reach a management crisis point that will force actions ...

January 14, 2019

Budget season is an important time of the year for businesses because it gives senior IT and security leaders time to reflect on what went right this year and what initiatives need to be given priority in the new year. Recent research from Threat Stack shows security budgets are expected to increase by 19 percent over the next two years, but business leaders are still facing challenges determining where to allocate this budget in the face of rapidly evolving infrastructure ...

January 10, 2019

As organizations of all sizes are embracing hybrid and multi-cloud infrastructures, they are experiencing the many benefits of a more agile, distributed and high-speed environment where new applications and services can be built and delivered in days and weeks, rather than months and years. But as the adoption of these next generation architectures continues to grow, so do the complexities of securing the cloud workloads running on them ...

December 11, 2018

Companies expect increased reliance on Cloud Native Applications (CNAs); however, security concerns could prove to be a major obstacle, according to The State of Cloud Native Security ...

November 29, 2018

Organizations with established DevSecOps programs and practices greatly outperform their peers in how quickly they address flaws. The most active DevSecOps programs fix flaws more than 11.5 times faster than the typical organization, due to ongoing security checks during continuous delivery of software builds, largely the result of increased code scanning, according to the latest State of Software Security (SOSS) report from CA Veracode ...

November 26, 2018

With the rise of next-generation technologies, businesses have access to more data than ever, creating opportunities to develop new channels for revenue. Contributing to the increase in data is a growing reliance on the external supply chain. However, with the influx of data comes the necessity to understand the entire third-party ecosystem: its benefits and risks. Some of the most devastating breaches have been attributed to a third party ...

November 13, 2018

I'd love to see more security automation deeply integrated into the development process. Everybody knows since the 1990s that security as an afterthought just doesn't work, yet we keep doing it. The reason, I think, is because it's very hard to automate security ...

November 08, 2018

DEVOPSdigest asked experts from across the IT industry for their opinions on what steps in the SDLC should be automated. Part 4 is all about security ...
