DevSecOps

April 14, 2025

Enterprises across the world are under attack, and it's getting harder for them to defend themselves ... The regulatory pressures facing companies have made a difference. Recent data from Veracode's 2025 State of Software Security (SoSS) report shows that the percentage of applications passing the Open Worldwide Application Security Project (OWASP) Top 10 tests has increased by 63% over the past five years — a significant improvement. More notably, the prevalence of high-severity flaws has been cut in half over the past decade ...

April 11, 2025

In Episode 105 of the Cybersecurity Awesomeness Podcast, Chris Steffen and Ken Buckler from EMA discuss hacking a modern, computer-controlled vehicle ...

April 10, 2025

Software engineers are currently caught between a rock and a hard place. The rock? They're under record pressure to produce and release new software. The hard place? They're increasingly expected to account for the safety, security and provenance of every single software asset they use in those builds. That's demonstrated in the rise of the Software Bill of Materials (SBOM). These two clashing requirements are a source of great anxiety for software engineers ...

April 07, 2025

Software security threats and DevOps risks are emerging in the AI era, according to the Software Supply Chain State of the Union 2025 from JFrog ...

April 04, 2025

In Episode 104 of the Cybersecurity Awesomeness Podcast, Chris Steffen and Ken Buckler from EMA discuss the impacts that taxes and tariffs have on technology and cybersecurity ...

April 03, 2025

The financial sector is a prime target for cyber attacks due to its extensive digital presence and sensitive customer data. With the rise of online banking, mobile payments, and fintech innovations, cyber threats continue to evolve, exploiting vulnerabilities in financial applications. To protect transactions, customer data, and business operations, strong security measures are essential. Web Application Firewalls (WAFs) and API security solutions have become critical for ensuring application integrity and regulatory compliance ...

April 01, 2025

Development and security teams are making strides in the evolution to DevSecOps but are still working toward alignment on workflows and metrics, according to DevSecOps Evolution: from DevEx to DevSecOps, a report from Checkmarx ...

March 31, 2025

Organizations are failing to protect their APIs despite persistent breaches and increased awareness of security risks, according to 2025 Global State of API Security from Traceable AI ...

March 28, 2025

In Episode 103 of the Cybersecurity Awesomeness Podcast, Chris Steffen and Ken Buckler from EMA discuss the plans to move many cybersecurity controls from the federal level to the state level ...

March 25, 2025

According to CyberArk research, Non-Human Identities (NHIs) outnumbered human identities by at least 45-to-1 in 2022 ... At the core of every NHI is an authentication credential, aka a secret. GitGuardian's 2025 State of Secrets Sprawl Report reveals concerning trends in secrets exposure, indicating current management approaches are insufficient to address NHI-related risks ...

March 21, 2025

In Episode 102 of the Cybersecurity Awesomeness Podcast, Chris Steffen and Ken Buckler from EMA discuss insider threats ...

March 17, 2025

By integrating security practices such as code scanning, automated testing, and vulnerability assessments early on, security teams can proactively identify potential threats. They can also respond to emerging risks and ship secure code with confidence. This shift to continuous, proactive security integration is reshaping how developers approach software delivery. Ultimately, it ensures more secure and reliable products for users ...

March 14, 2025

In Episode 101 of the Cybersecurity Awesomeness Podcast, Chris Steffen and Ken Buckler from EMA discuss tax season, and the fraud that goes along with it ...

March 13, 2025

For many, security is like an onion. Sure, it can bring tears to your eyes when implementing it. However, the real reason for this analogy is that security comprises many layers; the more you have, the greater your chances of preventing a breach. Within this context, securing your cloud infrastructure can be compared only to an enormous (and intimidating) onion ...

March 11, 2025

Open source software (OSS) is a cornerstone of modern digital infrastructure, driving innovation and supporting applications across industries and regions. With its pervasive use, identifying critical OSS components and addressing their security challenges are vital. The recent Census III Report provides key insights into the OSS ecosystem ...

March 07, 2025

In Episode 100 of the Cybersecurity Awesomeness Podcast, Chris Steffen and Ken Buckler from EMA discuss the latest news surrounding privacy issues in the UK regarding Apple phones ...

March 05, 2025

Application security isn't just about scanning your source code for vulnerabilities anymore. With today's accelerated, automated, and third party–dependent development environments, risks can sneak in at every step of the software development life cycle (SDLC) ...

March 04, 2025

DevOps processes play a vital role in how businesses approach their software development projects. This streamlined way of harmonizing development and operation teams results in improved efficiency and much faster time-to-market when introducing new products. That being said, many times, focusing solely on these two elements doesn't leave much space for security planning. However, for organizations to be successful, it's important that regular security auditing finds its way into modern DevOps workflows to minimize liabilities and ensure safer and more reliable deployments ...

March 03, 2025

AI is being rushed in, and as often happens in human experience, the moment's excitement overshadows our precautionary common sense. At this point, the huge threat I foresee in AI implementation is security. The power of this new technology will be very unforgiving, and drivers of fast implementation, which tend to be the desire to make large amounts of fast money, could turn into financial and reputational nightmares of unimaginable proportions ...

February 28, 2025

In Episode 99 of the Cybersecurity Awesomeness Podcast, Chris Steffen and Ken Buckler from EMA discuss marketing and evangelism in technology ...

February 27, 2025

While traditional methods like antivirus software still have a place in modern cybersecurity efforts, sophisticated threats require equally robust defenses. AI-powered systems' real-time adaptability enables them to identify and respond to evolving threats, including zero-day exploits. However, the promise of AI hinges on a critical factor: precision ...

February 26, 2025

AI is undeniably ushering in a new era of innovation and efficiency for organizations across every industry. Yet, as businesses adopt sanctioned AI solutions at a breakneck pace, another revolution is quietly unfolding behind the scenes: Shadow AI ...

February 24, 2025

More than 50% of retailers have indicated that APIs accelerate innovation, and 36% indicated that APIs are a strategic asset that can create business value ... As organizations rapidly accelerate API adoption driven by increased AI integration, cloud-based services, and API-first design, the associated vulnerabilities and security gaps are skyrocketing ...

February 21, 2025

In Episode 98 of the Cybersecurity Awesomeness Podcast, Chris Steffen and Ken Buckler from EMA discuss DDoS Mitigation solutions ...

February 20, 2025

Developers are spending significantly more time — and companies are spending $28K per developer yearly — on security-related tasks such as manual application scan reviews, context switching, and secrets detection, among other items, according to the IDC InfoBrief, The Hidden Cost of DevSecOps: A Developer's Time Assessment ...
