The number of malware breaches (to use a generic term) are rising in near exponential numbers and, unless there are radical changes, this is set to continue unabated. Most pundits agree with this forecast ...
DevSecOps
August 29, 2017
Newly released data shows that distributed denial of service (DDoS) and web application attacks are on the rise once again, according to the Second Quarter, 2017 State of the Internet / Security Report released by Akamai Technologies ...
August 03, 2017
Most software developers make themselves easy targets for hackers, even when they are behind a corporate firewall, according to a new survey from Netsparker Ltd. ...
August 01, 2017
Your top priority is to improve application development agility, but you may run into roadblocks put up by a security team that (mistakenly) believes speed is the enemy of effective cybersecurity. A new survey finds a majority of enterprises are working to overcome those roadblocks by integrating security into their existing DevOps methodology ...
July 24, 2017
SecOps is a seamless collaboration between your IT security and IT operations teams. The goal is to streamline security processes, and ensure that every piece of code that makes it into production is as secure as possible. If you've ever thought of revamping your company's current security operations to make it more agile, or if you've been thinking about building out a SecOps function, here are 5 tips you should keep in mind ...
July 20, 2017
Financial services organizations are high value targets for cyber criminals all over the world. Because of this, it is imperative that the keys and certificates used by financial service DevOps teams are properly protected. If not, bad actors can easily exploit cryptographic assets and wreak havoc on sensitive corporate data, all while remaining undetected ...
July 14, 2017
Despite the pervasive belief that security and development teams have conflicting priorities, initiatives such as creating DevOps environments and focusing on product innovation have the two teams aligned toward a common goal of creating secure software, according to a new study from Veracode ...
July 12, 2017
Gartner, Inc. highlighted the top technologies for information security and their implications for security organizations in 2017 ...
May 09, 2017
DevOps teams bring significant benefits to their organizations. Unfortunately, DevOps teams, like many business programs, tend to believe innovation must come with a detriment to security. Security measures are often seen as obstacles that impact the agility that DevOps teams rely on ...
March 23, 2017
Mature development organizations ensure automated security is woven into their DevOps practice, early, everywhere, and at scale, according to Sonatype's 2017 DevSecOps Community Survey ...
March 21, 2017
When it comes to food, we all know what's considered "good" and what's "bad". We can all understand this simple rule when eating. But for many, when it comes to software development, simple rules and advice from nutritional labels aren't always there for us ...
February 21, 2017
The stakes are high for preventing security compromises: 72.7 percent of companies have a custom application that, if it were to experience downtime, would significantly impact the organization’s ability to operate, according to the Custom Applications and IaaS Report 2017 ...
February 01, 2017
The concept of intent-based security is a new way of looking at applications, specifically those in a containerized environment, down to the application level and adding in extra security. It uses the power of the developer in order to produce a more predictable and secure environment that can be enforced. When it comes to DevOps and containers, the unique nature of the process and technology allows the intent-based security model to capitalize on three pillars ...
December 16, 2016
DevOps experts — analysts and consultants, users and the top vendors — offer thoughtful, insightful, often controversial and sometimes contradictory predictions on how DevOps and related technologies will evolve and impact business in 2017. Part 5 covers the many facets of DevOps including analytics, security, collaboration and more ...
November 14, 2016
As organizations continue to adopt a more collaborative DevOps model, many face a common challenge: effectively integrating security practices into the application development lifecycle process. According to a new HPE report, virtually all IT operations professionals, security leaders and developers (99 percent) agree that adopting a DevOps culture has the opportunity to improve application security. However, only 20 percent are actually conducting application security testing today during the development process ...
October 17, 2016
DevOps teams today churn out releases at a rapid pace, and securing these applications is more challenging than ever. Code is continuously changing, and developers must identify and fix security bugs as quickly as possible. Developers need effective tools to help reduce the risk of data breaches while the software development and release machinery is getting faster ...
August 22, 2016
At its emotional core, Star Trek explores the bond between two very different species – Kirk and Spock – who team up to seek out new worlds and defend the Enterprise. In many ways, the same can be said for developers and security teams. How so? ...
August 15, 2016
The software industry has accelerated its shift towards microservices and has fully embraced distributed, cloud native apps. Because existing application security models were designed for a different era, they are woefully inadequate, exposing both consumers and companies. By (mis)matching where software is going with what application security has been, and as evidenced by several recent high-profile leaks, we are all at risk ...
June 10, 2016
In the face of emerging and increasingly frequent cyber threats, DevOps is evolving into DevSecOps, where security is the responsibility of every individual and engrained throughout the development process. While the concept is sound, making it a reality is going to take work ...
May 04, 2016
Privilege Management is a new age term, born from the crucible of Role Based Access Control (RBAC). Privilege Management refers to the ability of any enterprise to successfully manage, detect and mitigate any possibility of employee account misuse. The definition is quite terse and a bit wishful. In reality most organizations have very poor privilege management practices employed for their resources. In this blog, I will discuss why that is the case, what are some good strategies to launch effective privilege management in your organization and some of the gotchas that you can avoid ...
April 11, 2016
The use of APIs to enable applications to interact across single and multiple infrastructures is skyrocketing and innovation is being fueled by companies finding new ways to monetize their software assets by exposing APIs to outside developers. However, exposing APIs to developers outside the company creates significant risk and APIs are becoming a growing target for cyber criminals. A new study by Ovum highlights an alarming lack of consistency and ownership in how API security is addressed ...
January 06, 2016
We can expect to see significant advances in DevOps in 2016. Below are just three predictions you need to know about in order to compete in the idea economy ...
February 23, 2012
If an attacker were bogging down your apps, how would you know? You wouldn't, unless you bridge the gap between ops and security ...
