DevSecOps

May 03, 2023

In Episode 7 of the Cybersecurity Awesomeness Podcast, Chris Steffen and Ken Buckler from EMA observe Star Wars Day ...

May 02, 2023

The majority of organizations surveyed (97%) are gaining business benefits from Kubernetes — including growth in market share and increased profits, according to The State of Kubernetes 2023 from VMware ...

April 28, 2023

In Episode 6 of the Cybersecurity Awesomeness Podcast, Chris Steffen and Ken Buckler from EMA discuss Cyber Threat Intelligence ...

April 25, 2023

In mid 2022, the Open Source Software Security Foundation (OpenSSF) launched a 10-point plan to promote and improve the security of open source software. Here are their observations in combination with our own ...

April 24, 2023

Open source isn't a strategy, it's a philosophy of collaboration. It's the fabric of millions of commercial projects in industries like FinTech, IT and AI. But there's something curious about open source — it makes up the majority of codebases, so surely the packages have hundreds of eyes keeping watch on their security posture? Unfortunately not ...

April 21, 2023

In Episode 5 of the Cybersecurity Awesomeness Podcast, Chris Steffen and Ken Buckler from EMA provide a preview of the upcoming RSA Conference 2023, focusing on API Security ...

April 19, 2023

Open-source software (OSS) constitutes over 70% of all software, and a new report — What's in Your Open-Source Software? — compiled by Lineaje Data Labs, uncovers the inherent risk and ease of software supply chain tampers in the Apache Software Foundation's most popular products and their dependencies ...

April 14, 2023

In Episode 4 of the Cybersecurity Awesomeness Podcast, Chris Steffen and Ken Buckler from EMA provide a preview of the upcoming RSA Conference 2023 ...

April 07, 2023

In Episode 3 of the Cybersecurity Awesomeness Podcast, Chris Steffen and Ken Buckler from EMA discuss tax scams ...

April 03, 2023

DEVOPSdigest and Enterprise Management Associates (EMA) are teaming up on the Cybersecurity Awesomeness Podcast. In Episode 2, EMA experts discuss the security ramifications of ChatGPT ...


March 29, 2023

With organizations of all sizes moving more of their operations to the cloud, a majority are struggling to automate cloud security and mitigate risks, according to the 2023 State of Cloud-Native Security Report, a Palo Alto Networks survey of more than 2,500 C-level executives around the world ...

March 28, 2023

Melding security into Development Operations is often confused with providing security to secure applications. There is a high level of relevancy to securing software and applications from the outside, but the focus of DevSecOps largely remains on the following ...

March 21, 2023

While open source is no more or less vulnerable than any other type of software, vulnerabilities in the open source supply chain cannot be managed in the same way as the software an organization creates in-house or purchases from a commercial vendor. There are several reasons why ...

March 07, 2023

Security testing can't survive using manual assessments only. Why? Because it's too slow and unproductive. The introduction and wide adoption of DevOps allows for faster build times by using security tools to conduct assessments. The days of traditional testing are gone, and here's why ...

March 06, 2023

Developers are often forced to compromise security to improve delivery times ... With the increasing threat of cyber attacks, developers need to take the necessary steps to protect applications and find a middle ground between security and delivery time ...

February 21, 2023

Recently, Nissan North America confirmed a data breach at a third-party service provider. Details of the breach were highlighted in a notification that was filed with the Office of the Maine Attorney General on January 16, 2023. Here's what was learned from the report ...

February 16, 2023

While cloud providers offer many cloud native security features and services, supplementary third-party solutions are essential to achieve enterprise-grade cloud workload protection from breaches, data leaks, and targeted attacks in the cloud environment. The following are some industry best practices recommended ...

February 01, 2023

For the past few years, Check Point Research (CPR) has been following the evolution of the cloud threat landscape, as well as the constant increase in cloud infrastructure adoption by corporate environments. As many as 98% of global organizations utilize cloud-based services, and approximately 76% of them have multi-cloud environments, featuring services from two or more cloud providers ...

January 18, 2023

DEVOPSdigest asked industry experts how they think DevSecOps will evolve and impact the business in 2023 ...

January 12, 2023

Ask any developer and most will agree that Git is the most popular software version control (SVC) standard today. Just because it's the most popular, however, doesn't mean it's the most secure. Regardless of whether you're using GitLab, GitHub, or a locally hosted Git server, each has its own security issues that can sneak up on you and start a wave of additional issues ... What can you do to avoid repeating the Git security mistakes of others? Here are a few common Git security pitfalls and pointers to help you navigate them ...

January 10, 2023

In 2023, developers will demand solutions that enable highly available cloud-native SQL Server availability groups (AGs) in containers, including support for Kubernetes (K8s) clusters — across mixed environments and across any type of infrastructure or cloud ...

November 28, 2022

Almost three-quarters of applications in the retail and hospitality sector contain security flaws, but only 25% of these are fixed, according to the State of Software Security (SoSS) report v12 from Veracode ...

November 15, 2022

Data breaches cost US companies an average of $9.4 million — and by 2031, ransomware attacks will happen every two seconds. To address the scourge of cybercrime, we must all become data protectionists ...

November 14, 2022

Mobile DevSecOps as it's currently implemented has a big problem: it's too slow and inefficient to keep up with the constantly evolving threat landscape. In the typical way of doing things, common tools like pen testing and code scanning identify known vulnerabilities, and the mobile app is then booted back to the development team where they manually add whatever protection they can within the time they have ...

October 31, 2022

We recently published The API Security Disconnect: API Security Trends in 2022, which reveals some striking disconnects between the respondents' experiences with API security incidents, their lack of awareness of their own APIs, and their confidence in cloud service providers and others to provide API security. The findings are more relevant today ...
