DevSecOps

April 04, 2022

Those of us in the software world know that typical Software Development Lifecycles (SDLC) are sequential — not to be confused with linear. In other words, there are "steps" or phases to each development stage. With each stage there are controls and safeguards, as well as a review of policy regulations, before moving to the next step to ensure quality, security, and performance ...

March 24, 2022

Each year, O'Reilly Media analyzes annual trends in technology usage to help the developer community stay abreast of emerging technology areas — whether it's learning about software architecture for the cloud, mastering new languages to support cryptocurrency or productizing artificial intelligence (AI). By evaluating the top search terms, targeted questions and content usage on our learning platform, we're able to share insights into the top trends influencing software development — insights that empower software developers, data scientists and other practitioners to begin the hard work of taking emerging technologies and deploying them as real-world solutions ...

March 21, 2022

Shift-left has been an important DevOps concept in recent years, and shift-left security is rapidly becoming the next big "shift" for DevOps/Agile development. In this model, app developers build app security, fraud prevention and anti-malware features into software as early as possible in the development cycle, instead of trying to code security in after an app is built ...

February 10, 2022

To arrive at a risk-based product development lifecycle, there must be a risk-based culture. While nearly everything can be automated these days, the source code for early-warning risk management starts with people and teams, not machines ... But how does one begin to embed security into company culture? Let's start with the cultural triad — then discuss how to get there ...

January 20, 2022

As part of the 2022 DevOps Predictions list, DEVOPSdigest asked industry experts how they think DevSecOps will evolve and impact the business in 2022. This is Part 2 ...

January 19, 2022

As part of the 2022 DevOps Predictions list, DEVOPSdigest asked industry experts how they think DevSecOps will evolve and impact the business in 2022 ...

January 18, 2022

In today's hyper-digital world, organizations and their developers are having to deliver faster go-to-market innovations than ever, which can mean siloed applications and rising integration challenges — otherwise known as spaghetti architecture — instead of stable and resilient ecosystems ...

January 13, 2022

With the evolving threat landscape and continued impact of the pandemic, it remains crucial that businesses stay abreast of new cybercriminal trends so they can be proactive and actionable in protecting their data and information ...

November 29, 2021

In the cloud world, containers are the centerpoint of a growing majority of deployments. By providing compartmentalization of workloads and the ability to run "serverless," containers can speed up and secure deployments and create flexibility unreachable by old-style application servers. While a variety of tools have been developed to meet this need, none are as impactful to the industry as Kubernetes. It has emerged as the de facto container orchestration tool for many companies ...

November 04, 2021

Ransomware is no stranger to corporate networks, as it poses huge risks and even larger recovery efforts that are quite costly. Successful ransomware attacks can result in locked systems, stolen identity, data held hostage — all of which can wreak chaos and disaster to the targeted organizations. When ransomware reaches its target, it's practically game over ...

October 28, 2021

DEVOPSdigest asked the top minds in the industry what they think AIOps can do for DevOps and developers. Part 4 covers cloud and containers ...

September 28, 2021

Policy as code is an evolution of the infrastructure as code movement, which has actually been discussed and adopted in DevOps circles for the past decade. Today, we're at an interesting point where Policy as Code is starting to break out of its DevOps bubble to be embraced more widely across the tech sphere — yet there is still a lot of confusion around what it is and how it can be used most effectively ...

September 23, 2021

By 2022, it's predicted that APIs will become the most frequently attacked enterprise web application vector. To fully realize a successful approach to development security operations (DevSecOps) for API security, creating an effective feedback loop between DevOps and SecOps teams is critical to getting a grasp on API security risks ...

September 21, 2021

How does Kubernetes act as an OS for container-based apps? As an OS, Linux manages the resources needed by applications on a single computer. In Kubernetes, the challenge is managing the resources for many applications across many computers ...

August 09, 2021

Baking security into your software and apps from the beginning is more important than ever. Without security, your development lifecycle is open to bugs and vulnerabilities putting your organization and customers at risk. I asked several speakers and sponsors for the upcoming SKILup Day as well as several DevOps Institute Ambassadors to weigh in on the hottest DevSecOps trends. Here's what they shared ...

August 05, 2021

While DevSecOps practices are still evolving, there are many trends to keep an eye on. I asked several speakers and sponsors for the upcoming SKILup Day as well as several DevOps Institute Ambassadors to weigh in on the hottest DevSecOps trends. Here's what they shared ...

August 02, 2021

While industries like financial services, travel, and banking have faced and solved similar problems — most notably through APIs — healthcare lags behind. However, recent changes have unlocked the healthcare industry's ability to use APIs ...

July 26, 2021

Moving toward DevSecOps isn't necessarily an easy process. Organizations first need to adjust their culture to embrace security and define enterprise-wide application security policies and standards to be enabled through automation. Then, they can invest in the required integration of such techniques in the CI/CD processes, including the means to report on discovered issues as would happen for any other software defects. But what does this really mean? ...

July 22, 2021

Delivering clean and safe software is no longer an option for developers or the organizations they work for. Customers have little patience for buggy, error-prone apps and software that's rife with critical vulnerabilities. These sorts of quality and security issues can seriously hurt a company's brand reputation and negatively impact revenues ...

June 21, 2021

Static application security testing (SAST), which scans code to find vulnerabilities and bugs, is increasingly considered a best practice for detecting problems early in the development cycle. However, to gain broader adoption both within an organization and across the industry, SAST must overcome several barriers based on lingering perceptions. Let’s look at these in more detail ...

June 10, 2021

If security teams cannot prioritize or secure their Kubernetes deployment, the entire cloud application stack and larger organization are at high risk. When not protected, attackers are able to take advantage of cluster settings and escalate privileges to gain full control, which can result in company breaches and the exploitation of private data. Cybersecurity teams should follow these steps to better protect their data stored in the cloud from attack ...

June 09, 2021

In 2020, while a pandemic raged and teams everywhere learned how to work remotely, something rather unexpected happened to DevOps: it grew up. Teams stopped talking about DevOps and simply started doing DevOps, bringing in "big guns" technologies, new ways of thinking, and making huge breakthroughs in everything from release times to automation, new technology adoption and code quality ...

May 17, 2021

The cyber security industry has seen massive growth over the past several decades, and all signs indicate that the industry is only going to continue its meteoric rise. Young professionals who are interested in IT and cyber security can have thriving careers in this fascinating field, including a stimulating job as a DevSecOps Engineer ...

April 29, 2021

The DevOps revolution of the past decade has been driven by an increasingly fast-moving world. Where once the release of new software and applications was an event that happened every few months, it's now a constant, ongoing process with new code rolled out continually. DevOps teams have embraced this challenge by breaking free of the traditional siloed approach, and owning more of the development cycle themselves, including quality testing, integration and deployment. However, there's a major component that DevOps is still failing to take responsibility for: security ...

April 26, 2021

Regardless of where your organization sits in the journey towards better application security (AppSec), the reality of what drives future success remains the same. From emerging to maturing to optimizing, all AppSec programs will eventually need to lock down the gold ring of security — otherwise known as visibility ...
