DevSecOps
More Than 3,000 ‘Ghost’ Accounts Spreading Malware on GitHub
GitHub and similar open-source code and project repositories have become a common target of cybercriminals looking to lure developers into unknowingly downloading malicious scripts ...
CrowdStrike Software Update Sparks Microsoft Outage, Global Chaos
Airlines, hospitals, banks and other businesses were disrupted when a faulty software update knocked Windows users of their systems ...
An Overview of Continuous Security Testing Processes for DevSecOps
Just getting started with DevSecOps and need a primer for the tools and processes to employ? This should help ...
Lineaje Adds Module to Manage Open Source Software Security Lifecycle
This can help DevSecOps teams identify open source software projects that are not being well maintained ...
Snyk Adds Second ASPM Tool to Portfolio
Today, Snyk made available an edition of its application security posture management (ASPM) tool for assessing application risks that provides more context into how code has been written and its role within ...
OpenSSL Fiasco: What can DevOps Learn? | Elon Fires ‘50%’ of Twitter
In this week’s The Long View: The OpenSSL project has egg on its face, and half of Twitter’s staff are for the chop tomorrow ...
Meta Income Down by Half | Will Apple Make it Worse? | Linux Secure Boot Fix
In this week’s The Long View: Meta’s latest results are very bad, Apple wants its cut of Facebook ads, and Lennart Poettering proposes improving Secure Boot for Linux ...
Kill the Password: Google on Board | 4-Day Week Proves Worthy
In this week’s The Long View: Passkeys is getting another big-tech supporter, and the four-day workweek train picks up speed ...
AWS re:Invent Roundup: Private 5G | Graviton3 ARM Chips | DevOps Guru++
In this week’s The Long View: Three things that caught my eye from Amazon Web Services’ re:Invent conference. Private 5G, Graviton3 chips, and something called DevOps Guru for RDS (yes, really) ...
Securing Your Software Development Pipelines
Earlier this year, it was announced that the attack on IT management software provider SolarWinds had been used to compromise other organizations, including parts of the United States government. There were several ...
DevOps Chat: Maximizing the Benefits of DevSecOps
When discussing security in DevOps, we often focus on the security tools instead of the DevSecOps process itself. In this DevOps Chat, ZeroNorth CEO John Worrall takes us to the root of ...
Solving Cloud-Native Challenges in the Rush to the Cloud
The shift to cloud-native environments away from traditional data center infrastructures continues unabated, but security and complexity challenges remain a struggle for DevOps teams. These were two of the main takeaways in ...