webAI and MacStadium(link is external) announced a strategic partnership that will revolutionize the deployment of large-scale artificial intelligence models using Apple's cutting-edge silicon technology.
Addressing Software Exposure Within the DevOps Cycle
August 16, 2018
There once was a time in software development where developers could design, build and then think about their software's security. However in today's highly connected, API-driven application environment, this approach is simply too risky as it exposes the software to vulnerabilities.
To help organizations better understand the evolving nature of software delivery and the critical role security plays from start to finish, a new report, Managing Software Exposure: Time to Fully Embed Security into Your Application Lifecycle, was released by Checkmarx in coordination with FreeForm Dynamics and The Register. The results identify challenges associated with software exposure and security within the DevOps cycle and how organizations can best overcome them.
Among key findings:
Gaps exist between theory and practice when it comes to security's role in DevOps
96 percent of respondents reported that it is "desirable" or "highly desirable" for developers to be properly trained on how to produce secure code
Although there is no how-to guide when it comes to security today, the study found that a major gap exists between what's needed and what's actually in place among organizations surveyed. In fact, 96 percent of respondents reported that it is "desirable" or "highly desirable" for developers to be properly trained on how to produce secure code. Yet, 41 percent still agree that defining clear ownership and responsibility in relation to software security remains a challenge.
While true that there is an apparent desire for a "shift left" approach, ops teams can't be the only ones responsible for implementing it. Developers must not be overlooked when it comes to security and should actually be the ones pioneering an earlier adoption of security within the development process. Which leads us to the question of, why isn't this already happening if both parties consider it a priority?
According to the study, just 11 percent of respondents say they have adequately addressed the need for developer education in this area. Therefore, it's clear that more can be done from an organizational perspective to encourage a "shift left" approach within DevOps.
Don't alienate the C-Suite from security conversations
Now more than ever, c-level executives need to understand the crucial role security plays within their organizations. It takes just one data breach or hack for a brand's reputation to completely crumble, leaving C-level executives responsible and often times blind-sided.
45 percent of respondents still find it challenging to secure senior management approval for funding and security training
According to the survey, 57 percent of respondents "strongly agree" or "agree" with the statement that software security is now a boardroom issue. It's a matter of business risk. To ensure greater software security, developers and security teams must have the support from their executive teams. The catch? 45 percent of respondents still find it challenging to secure senior management approval for funding and security training. A catch-22 when circling back to the gap that exists between theory and practice as it relates to security's role in DevOps.
Furthermore, 44 percent of those surveyed felt that executives don't actually care about how quickly, frequently and safely developers deliver software, it just needs to be done.
Everyone involved with the DevOps cycle needs to work together
72 percent of respondents agree that different teams and disciplines within IT are still too reluctant to trust and work with one another
Developers, testers, security specialists and ops staff need to work together in order to be successful. It's not news that there has been a culture of inefficiency and miscommunication between developer and operations teams. The report found that even though DevOps culture removes many of the barriers between these two departments, 72 percent of respondents still agree that different teams and disciplines within IT are still too reluctant to trust and work with one another.
The bottomline is that in order to prevent software exposure throughout the development lifecycle, it is essential that we first work to resolve the issue of ownership and responsibility, helping to unite employees of diverse skill levels and experiences igniting a sense of mutual trust and respect.
Industry News
March 27, 2025
March 27, 2025
Development work on the Linux kernel — the core software that underpins the open source Linux operating system — has a new infrastructure partner in Akamai. The company's cloud computing service and content delivery network (CDN) will support kernel.org, the main distribution system for Linux kernel source code and the primary coordination vehicle for its global developer network.
March 27, 2025
Komodor announced a new approach to full-cycle drift management for Kubernetes, with new capabilities to automate the detection, investigation, and remediation of configuration drift—the gradual divergence of Kubernetes clusters from their intended state—helping organizations enforce consistency across large-scale, multi-cluster environments.
March 26, 2025
Red Hat announced the latest updates to Red Hat AI, its portfolio of products and services designed to help accelerate the development and deployment of AI solutions across the hybrid cloud.
March 26, 2025
CloudCasa by Catalogic announced the availability of the latest version of its CloudCasa software.
March 26, 2025
BrowserStack announced the launch of Private Devices, expanding its enterprise portfolio to address the specialized testing needs of organizations with stringent security requirements.
March 25, 2025
Chainguard announced Chainguard Libraries, a catalog of guarded language libraries for Java built securely from source on SLSA L2 infrastructure.
March 25, 2025
Cloudelligent attained Amazon Web Services (AWS) DevOps Competency status.
March 25, 2025
Platform9 formally launched the Platform9 Partner Program.
March 24, 2025
Cosmonic announced the launch of Cosmonic Control, a control plane for managing distributed applications across any cloud, any Kubernetes, any edge, or on premise and self-hosted deployment.
March 20, 2025
Oracle announced the general availability of Oracle Exadata Database Service on Exascale Infrastructure on Oracle Database@Azure(link sends e-mail).
March 20, 2025
Perforce Software announced its acquisition of Snowtrack.
March 19, 2025
Mirantis and Gcore announced an agreement to facilitate the deployment of artificial intelligence (AI) workloads.
March 19, 2025
Amplitude announced the rollout of Session Replay Everywhere.
March 18, 2025
Oracle announced the availability of Java 24, the latest version of the programming language and development platform. Java 24 (Oracle JDK 24) delivers thousands of improvements to help developers maximize productivity and drive innovation. In addition, enhancements to the platform's performance, stability, and security help organizations accelerate their business growth ...
