DevSecOps

November 21, 2024

Agile security sprints are specialized iterations within the Agile framework focused on embedding security into the sprint cycle. Rather than treating security as an afterthought or a final checkpoint, it's integrated into the regular sprint rhythm ...

November 19, 2024

The evolution of AI, particularly in cloud and serverless environments, has opened up new possibilities — but it's also introduced significant complexities, especially around privacy and data security. DevOps engineers are on the frontlines of these challenges ...

November 15, 2024

In Episode 86 of the Cybersecurity Awesomeness Podcast, Chris Steffen and Ken Buckler from EMA discuss real-world cybersecurity AI use cases ...

November 13, 2024

Part 12 of this series features expert recommendations on how to avoid the risks associated with using AI to support software development ...

November 04, 2024

In Part 6 of this series, the experts warn of the security risks associated with using AI to help develop software ...

November 01, 2024

In Episode 84 of the Cybersecurity Awesomeness Podcast, Chris Steffen and Ken Buckler from EMA discuss using AI to influence elections and election security in general ...

October 29, 2024

Part 2 of this series covers more processes that can be supported or improved by AI, including security, testing, deployment, documentation and more ...

October 25, 2024

In Episode 83 of the Cybersecurity Awesomeness Podcast, Chris Steffen and Ken Buckler from EMA discuss communications security ...

October 24, 2024

In DevOps, hierarchical security practices involve embedding security measures into every development lifecycle stage. Unlike traditional models where security is a final checkpoint before deployment, hierarchical security integrates security from the outset, beginning with the planning and design phases. By doing so, potential vulnerabilities are identified and mitigated early ...

October 22, 2024

Nearly all (92%) security leaders have concerns about the use of AI-generated code within their organization, according to Organizations Struggle to Secure AI-Generated and Open Source Code, a new report from Venafi ...

October 21, 2024

The meteoric rise of artificial intelligence (AI) in the past few years has been a boon for software developers, who quickly embraced AI's ability to help them create code more quickly. But the other edge of the AI sword is that its code isn't always secure, because AI models trained on flawed code, which exists in plenty of applications, are only going to repeat the same mistakes ...

October 18, 2024

In Episode 82 of the Cybersecurity Awesomeness Podcast, Chris Steffen and Ken Buckler from EMA discuss cybersecurity maturity ...

October 15, 2024

DevSecOps emerged as a potential solution to address delays and missed vulnerabilities, streamlining development and operations by prioritizing speed and collaboration without compromising on security. But the growing complexity of cloud-native environments and the surge in the volume and vectors of the threat landscape is once more reshaping the way organizations approach software development. The latest evolution increasingly demands that security be treated as an integral part of the software development process ...

October 08, 2024

CyCognito recently conducted an analysis of over 39 million data points from a diverse range of companies, providing concrete evidence validating the growing concerns about the vulnerability of our software supply chains. The report's findings reveal a troubling reality: our digital ecosystems are far more vulnerable than we'd like to believe ...

October 07, 2024

The incorporation of generative AI and machine learning into DevSecOps has unlocked significant potential to improve organizational efficiency in software development. Yet, despite these developments, mitigating friction between development and security teams remains a persistent challenge ...

October 04, 2024

In Episode 80 of the Cybersecurity Awesomeness Podcast, Chris Steffen and Ken Buckler from EMA compile a list of points that people should be thinking about during Cybersecurity Awareness Month ...

October 02, 2024

Open-source software has injected fun and excitement into the lives of IT professionals and technology hobbyists alike ... Unsurprisingly, open-source software's lineage is complex ... A single open-source project may have thousands of lines of code from hundreds of authors which can make line-by-line code analysis impractical and may result in vulnerabilities slipping through the cracks ...

September 27, 2024

In Episode 79 of the Cybersecurity Awesomeness Podcast, Chris Steffen and Ken Buckler from EMA present Cybersecurity 101: physical access control and biometrics ...

September 23, 2024

It's likely you've heard of the Rat Pack. Decades later, along came the Brat Pack. And today, there's the Threat Pack. While they might not be making headlines on stage or on screen, this dubious group of leaders is making headlines in other ways, most recently as part of the Cloud Security Alliance's Top Threats to Cloud Computing 2024 ...

September 20, 2024

In Episode 78 of the Cybersecurity Awesomeness Podcast, Chris Steffen and Ken Buckler from EMA discuss the exploding pager attacks in the Middle East, and why they are cybersecurity attacks ...

September 19, 2024

APIs are vital to the financial sector, enabling seamless interactions and efficient operations. However, recent high-profile breaches highlight the urgent need for stronger API security. Financial institutions, in particular, are prime targets for cybercriminals, due to the sensitive nature of the data they handle. The exposure of such sensitive data through APIs can have severe consequences ...

September 13, 2024

In Episode 77 of the Cybersecurity Awesomeness Podcast, Chris Steffen and Ken Buckler from EMA discuss election security ...

September 09, 2024

TechTarget's Enterprise Strategy Group (ESG) recently surveyed 350 IT and cybersecurity professionals and application developers to create a report called Modernizing Application Security to Scale for Cloud-Native Development ... When asked to identify their top challenges for AppSec teams supporting cloud-native dev processes, "understanding developer environments and assets to effectively manage security" was one of the top three responses provided ...

September 06, 2024

In Episode 76 of the Cybersecurity Awesomeness Podcast, Chris Steffen and Ken Buckler from EMA discuss the VERY minor vulnerability found in Yubico YubiKeys, and why it is important to properly evaluate the impacts of these types of vulnerabilities ...

September 05, 2024

Another RSA Conference has come and gone, but not without imparting the wisdom of its attendees who took part in Traceable AI's second annual survey ... The results from this year's survey portrayed a clear message: organizations are struggling to keep up with the continuously evolving challenges of API security ...

Pages