DevSecOps
npm is Scam-Spam Cesspool ¦ Google in Microsoft Antitrust Thrust
Richi Jennings | | Amit Zavery, azure, code repo, code repositories, code repository, GOOG, GOOGL, google, Google Cloud, IaaS, microsoft, Microsoft Azure, MSFT, NPM, npm registry, open source, public repository, Repos, repositories, repository, Repository Security, SEO, Software Supply Chain, software supply chain attacks, Software Supply Chain Security, Software Supply Chains, softwaresupplychain, source code repository, spam, supply chain, supply chain attacks, supply chain security, The Long ViewIn this week’s #TheLongView: The npm registry suffers spam infestation, and Microsoft makes Google sad ...
A Seven Point Checklist for Getting SAST Right
Mark Hermeling | | code security, product security, SAST, software quality, Static Application Security TestingWith so many physical products—from automobiles to airplanes and medical devices to industrial control systems—now being driven by software, product security has become a top-level concern for manufacturers. Software flaws can not ...
Software Supply Chain Risk Management: A 2023 Guide
Software supply chain risk management (SSCRM) refers to the process of identifying, assessing and mitigating risks associated with third-party software components and services that are integrated into software products. SSCRM involves understanding ...
How to Maximize Telemetry Data Value With Observability Pipelines
Tucker Callaway | | DataOps, devops, devsecops, observability, Observability pipelines, OpenTelemetry, Telemetry dataThe software landscape has shifted significantly in recent years as companies digitize their operations and adopt cloud and microservices technologies. The complexity of modern software systems has led to an increasing need ...
Awareness of Software Supply Chain Security Issues Improves
Mike Vizard | | best practices, CI/CD, devsecops, security, Software Supply Chain, supply chain securityA global survey of 167 software professionals suggested that, while there is a lot more awareness of application security issues, the adoption of DevSecOps best practices is still not pervasive. The survey, ...
Addressing Software Supply Chain Security
Tomislav Pericin | | DAST, SAST, SCA, Software Supply Chain, software supply chain attacks, Software Supply Chain SecurityIt’s essential for organizations to learn more about the software supply chains they rely on and the steps needed to secure them. In just the past few years, we have seen a ...
ReversingLabs Adds Ability to Detect Secrets in Application Binaries
ReversingLabs today announced it added an ability to detect secrets exposed in application binaries to its Software Supply Chain Security (SSCS) platform. Tomislav Peričin, chief software architect for ReversingLabs, said this addition ...
DevSecOps Provides a Modern Security Model for Modernization
Developers and security experts are now tasked with bolstering, extending and adjusting cloud and Kubernetes security to protect against cyberattacks that are ever more complex, volatile, and frequent. To foil attacks and ...
Good Things Happen When DevSecOps and Cloud Collide
The marriage of cloud and software development is arguably the heart and soul of digital transformation. Providing pathways to greater efficiencies, lower costs and greater enterprise performance, the duo is poised to ...
Survey: More Cybersecurity Pros Embedded in DevOps Teams
A survey of 2,500 C-level executives published today by Palo Alto Networks found 81% of organizations have embedded cybersecurity professionals within their DevOps teams. Despite the presence of those cybersecurity professionals, however, ...
Six Mainframe DevOps Predictions for 2023
DevOps, or the automation of application development and hand-off to operations, is more prevalent than ever on the mainframe. As we begin 2023, below are six predictions for what the coming year ...
Benefits and Challenges of DevSecOps for Business
Almost every day, there is a new tactic or technique discovered that hackers can use to disrupt a company’s systems, obtain critical data and information or steal money. Often attackers look to ...
