DevSecOps

March 26, 2024

Security is taking a toll on productivity, according to the Software Supply Chain State of the Union report from JFrog. 48% of survey respondents said it typically takes a week or longer to get approval to use a new package/library, extending time to market for new apps and software update ...

March 22, 2024

In Episode 53 of the Cybersecurity Awesomeness Podcast, Chris Steffen and Ken Buckler from EMA discuss the updated PCI DSS standards ...

March 20, 2024

Role Based Access Control (RBAC) is a method for regulating access to computer or network resources based on the roles of individual users within an organization. In RBAC, access permissions are grouped by role name, and access to resources is restricted to users who have been authorized to assume the associated role ...

March 18, 2024

Nearly three-quarters of commercial codebases assessed for risk contain open source components impacted by high-risk vulnerabilities, representing a sharp uptick from the previous year, according to the Open Source Security and Risk Analysis (OSSRA) report from Synopsys ...

March 15, 2024

In Episode 52 of the Cybersecurity Awesomeness Podcast, Chris Steffen and Ken Buckler from EMA present Security 101 Basics: Microsegmentation ...

March 14, 2024

While security is a top priority for developers, they are facing an uphill battle when it comes to time spent chasing vulnerabilities, the available scanning tools and alignment with security teams, according to the Developer Survey Report from Qwiet AI ...

March 13, 2024

The number and severity of API attacks and vulnerabilities are increasing, according to the API ThreatStats™ 2024 Report from Wallarm — there was a 30% increase in API-related Common Vulnerabilities and Exposures (CVEs) and security bulletins in 2023 compared to 2022 ...

March 08, 2024

In Episode 51 of the Cybersecurity Awesomeness Podcast, Chris Steffen and Ken Buckler from EMA discuss third party identity providers ...

March 07, 2024

Sometimes, the most effective method of protection is to put yourself in the attacker's shoes so you can stay one step ahead of their next move. The same is true for penetration testing — If you can't beat 'em, join 'em ...

March 06, 2024

DevOps acts as an enabler when taking an application modernization approach ... As businesses evolve, embracing DevOps principles will be the cornerstone of their successful application modernization journey. These will ensure their software remains robust, secure, and user-friendly in the face of technological advancements and market demands. This blog explores the role of DevOps in application modernization ...

March 05, 2024

Policy as code is being explored by the industry as an alternative or expansion upon the long-term standards of role-based access control and entitlements. With policy as code, policies can be managed and automated using code written in a high-level language. It is a programmatic method of uniformly defining and enforcing policies throughout cloud native applications and their infrastructure ...

March 01, 2024

In Episode 50 of the Cybersecurity Awesomeness Podcast, Chris Steffen and Ken Buckler from EMA discuss supply chain security concerns and revisit the latest CMMC guidance ...

February 23, 2024

In Episode 48 of the Cybersecurity Awesomeness Podcast, Chris Steffen and Ken Buckler from EMA discuss the most recent data showing that ransomware attacks are decreasing, while other more focused attacks are increasing ...

February 20, 2024

In the fast-paced world of modern business, application development teams face an immense amount of pressure to code faster than ever before ... However, prioritizing rapid development frequently leads to the neglect of security measures, creating a trade-off that can have significant repercussions, overburdening AppSec teams towards the end of the software development lifecycle (SDLC) and almost guaranteeing software vulnerabilities and exploits ...

February 16, 2024

In Episode 48 of the Cybersecurity Awesomeness Podcast, Chris Steffen and Ken Buckler from EMA present Security 101 Basics: Zero Day Attacks ...

February 15, 2024

Attackers are leveraging automation to exploit every point of weakness they can uncover. The 2024 Cloud-Native Security and Usage Report shows that many companies are chasing faster innovation at the cost of more comprehensive security — a gamble that poses real business risks ...

February 14, 2024

Everyone can agree that application programming interface (API) security is important, but whose responsibility is it? Many organizations don't have a clear answer — and this presents a major opportunity for developers to step up into an important new role: API champion ...

February 09, 2024

In Episode 47 of the Cybersecurity Awesomeness Podcast, Chris Steffen and Ken Buckler from EMA discuss the latest Ransomware attacks in the news ...

February 05, 2024

The field of cloud native development is rapidly evolving, but during this shift to modern environments such as Kubernetes, many DevOps teams are putting security on the back burner in a rush to move to cloud native environments. This is opening the door to a wide array of new security risks and numerous opportunities for unscrupulous cybercriminals — and machine identities are a prime example of this ...

February 02, 2024

In Episode 46 of the Cybersecurity Awesomeness Podcast, Chris Steffen and Ken Buckler from EMA discuss the media hype surrounding the "Mother of All Breaches" ...

February 01, 2024

The acceleration of digital transformation and subsequent rise in API, containerization, and multi-cloud deployments are creating a dynamic attack surface that's growing increasingly complex. Maintaining visibility to keep track of new, changed, unmanaged, or insecure APIs grows increasingly difficult ...

January 26, 2024

In Episode 45 of the Cybersecurity Awesomeness Podcast, Chris Steffen and Ken Buckler from EMA discuss the latest changes regarding Cybersecurity Maturity Model Certification (CMMC) assessments ...

January 25, 2024

For years, mainframe systems have served as the bedrock of enterprise networks, standing unmatched in terms of reliability, scalability, and data protection. But with emerging practices like DevOps, the rise of open-source, and the move to hybrid cloud models, security risks have become a pressing concern. With constantly changing rules and shifts in how software is developed and used, it's more important than ever to focus on mainframe security ...

January 24, 2024

DEVOPSdigest asked industry experts how they think DevSecOps will evolve and impact development and application security in 2024: In 2024, as Large Language Models (LLMs) become increasingly ubiquitous, we can anticipate a growing concern in the realm of developer security. There are two key aspects that warrant attention ...

January 23, 2024

DEVOPSdigest asked industry experts how they think DevSecOps will evolve and impact development and application security in 2024: AI will play a significant role in generating code, allowing for faster development with fewer human resources. But as code inevitably becomes more like open-source software, AI-generated vulnerabilities will become a bigger concern ...
