DevSecOps

March 15, 2018

More than half of companies (52%) admit to cutting back on security measures to meet a business deadline or objective, according to a SecOps research report released by Threat Stack ...

February 20, 2018

Nine out of ten (89.1 percent) of information security leaders are concerned about the rise of digital threats they are experiencing across web, social and mobile channels, according to the 2018 CISO Survey, conducted by RiskIQ ...

February 15, 2018

Organizations are focusing investments on security and analytics, while actively researching emerging technologies such as machine learning and artificial intelligence, according to the 2018 CIO Tech Poll: Tech Priorities survey ...

February 08, 2018

The slowness of enterprise IT departments to embrace automated, cloud-native solutions for the cloud infrastructure challenges they face has resulted in IT infrastructure that is often ungoverned and insecure. And this is despite the fact that the cloud can be more secure as traditional data centers ...

February 05, 2018

IT professionals show a heightened concern for cybersecurity risk related to API use, according to a new survey conducted by Imperva. Specifically, 63 percent of respondents are most worried about DDoS threats, bot attacks, and authentication enforcement for APIs ...

January 24, 2018

Today’s digital economy is fueled by software. When software is developed with security integrated from the start, the risk of data breaches is greatly diminished, providing users with heightened levels of confidence and trust when engaging with applications and services that are so ubiquitous in our online world ...

December 18, 2017

The annual list of DevOps Predictions is now a DEVOPSdigest tradition. DevOps experts — analysts and consultants, users and the top vendors — offer thoughtful, insightful, and sometimes controversial predictions on how DevOps and related technologies will evolve and impact business in 2018. Traditionally, we start with a Big Picture look at DevOps, but this year we are jumping right into the topic that seems to be on everyone's DevOps mind for 2018 — security — and the buzzword that says it all: DevSecOps ...

December 14, 2017

Around one in five business leaders indicating that their software budget had increased 50 percent or more over the past three years to support digital transformation projects. However, the increased software development investment has not translated to greater security budgets or awareness of the security risks insecure software introduces: only 50 percent of business leaders surveyed understand the risk that vulnerable software poses to their business, according to Securing the Digital Economy, a report from Veracode ...

December 07, 2017

Modern businesses are migrating to a cloud-based model for hosting sensitive data to reap the benefits of agility and cost savings as well as to keep pace with customer demand. Cloud-Native methodologies such as DevSecOps, continuous delivery, containers and micro-services are essential building blocks in the digital business revolution. However, moving information and technologies from hardware to software poses a security concern – translating to a top challenge for both IT and the C-level, as applications built on top of micro-services and containers in a Cloud-Native environment utilize a wide variety of secrets for their proper functioning ...

October 24, 2017

A new report by CA Veracode found that 88 percent of Java applications contain at least one vulnerable component, making then susceptible to widespread attacks. This is in part because fewer than 28 percent of companies conduct regular composition analysis to understand which components are built into their applications ...

October 19, 2017

In light of the recent Equifax breach, Gene Kim and speakers from the upcoming DevOps Enterprise Summit San Francisco (DOES17) dissected the situation and discussed the technical leadership lessons learned while offering their own expert advice for handling crisis situations. The following are more highlights from the discussion ...

October 18, 2017

In light of the recent Equifax breach, Gene Kim and speakers from the upcoming DevOps Enterprise Summit San Francisco (DOES17) dissected the situation and discussed the technical leadership lessons learned while offering their own expert advice for handling crisis situations ...

September 06, 2017

The number of malware breaches (to use a generic term) are rising in near exponential numbers and, unless there are radical changes, this is set to continue unabated. Most pundits agree with this forecast ...

August 29, 2017

Newly released data shows that distributed denial of service (DDoS) and web application attacks are on the rise once again, according to the Second Quarter, 2017 State of the Internet / Security Report released by Akamai Technologies ...

August 03, 2017

Most software developers make themselves easy targets for hackers, even when they are behind a corporate firewall, according to a new survey from Netsparker Ltd. ...

August 01, 2017

Your top priority is to improve application development agility, but you may run into roadblocks put up by a security team that (mistakenly) believes speed is the enemy of effective cybersecurity. A new survey finds a majority of enterprises are working to overcome those roadblocks by integrating security into their existing DevOps methodology ...

July 24, 2017

SecOps is a seamless collaboration between your IT security and IT operations teams. The goal is to streamline security processes, and ensure that every piece of code that makes it into production is as secure as possible. If you've ever thought of revamping your company's current security operations to make it more agile, or if you've been thinking about building out a SecOps function, here are 5 tips you should keep in mind ...

July 20, 2017

Financial services organizations are high value targets for cyber criminals all over the world. Because of this, it is imperative that the keys and certificates used by financial service DevOps teams are properly protected. If not, bad actors can easily exploit cryptographic assets and wreak havoc on sensitive corporate data, all while remaining undetected ...

July 14, 2017

Despite the pervasive belief that security and development teams have conflicting priorities, initiatives such as creating DevOps environments and focusing on product innovation have the two teams aligned toward a common goal of creating secure software, according to a new study from Veracode ...

July 12, 2017

Gartner, Inc. highlighted the top technologies for information security and their implications for security organizations in 2017 ...

May 09, 2017

DevOps teams bring significant benefits to their organizations. Unfortunately, DevOps teams, like many business programs, tend to believe innovation must come with a detriment to security. Security measures are often seen as obstacles that impact the agility that DevOps teams rely on ...

March 23, 2017

Mature development organizations ensure automated security is woven into their DevOps practice, early, everywhere, and at scale, according to Sonatype's 2017 DevSecOps Community Survey ...

March 21, 2017

When it comes to food, we all know what's considered "good" and what's "bad". We can all understand this simple rule when eating. But for many, when it comes to software development, simple rules and advice from nutritional labels aren't always there for us ...

February 21, 2017

The stakes are high for preventing security compromises: 72.7 percent of companies have a custom application that, if it were to experience downtime, would significantly impact the organization’s ability to operate, according to the Custom Applications and IaaS Report 2017 ...

February 01, 2017

The concept of intent-based security is a new way of looking at applications, specifically those in a containerized environment, down to the application level and adding in extra security. It uses the power of the developer in order to produce a more predictable and secure environment that can be enforced. When it comes to DevOps and containers, the unique nature of the process and technology allows the intent-based security model to capitalize on three pillars ...

Pages