DevSecOps

Why DevSecOps Should Be Top Priority
DevOps culture and process are integral to maintaining the pace of cloud-native software development for organizations, especially when code deployments might take place many times a day. The ability to instantly create, ...

Go Language is Popular? | VMware Sells to Broadcom? | Unlimited PTO?
In this week’s The Long View: Golang goes from zero to hero, Broadcom buys VMware, and limitless vacation is still a Thing ...

WhiteSource Becomes Mend, Launches Automated Remediation Platform
WhiteSource rechristened itself Mend today and launched a remediation platform that automatically resolves security issues for application developers. Rami Sass, co-founder and CEO of Mend, said now the company is going beyond ...

Survey Surfaces Challenges Ahead on National DevOps Day
A survey published today for National DevOps Day found nearly two-thirds (63%) have seen an increase in the frequency of service incidents that have affected their customers over the course of the ...

Competing Priorities Prevent Devs From Creating Secure Code
The recently released Secure Code Warrior State of Developer-Driven Security Survey revealed that developers continue to wrestle with secure coding practices in a working environment that has long prioritized features and functionality ...

DevSecOps Deluge: Choosing the Right Tools
In the last few years, DevSecOps has become the security process of choice for many forward-thinking enterprises. These organizations have come to understand that fixing bugs in the latter stages of product ...

Managing Hardcoded Secrets to Shrink Your Attack Surface
The practice of hardcoding secrets—such as authentication credentials, passwords, API tokens and SSH Keys—as non-encrypted plain text into source code or scripts has been common in software development for many years. It ...

15 Ways Software Becomes a Cyberthreat
Software is an integral part of private and commercial life; there is no way around it. You need software to do your taxes, book a flight or browse the internet. Software has ...

Progress Expands Scope of Compliance-as-Code Capabilities
Progress this week extended its DevSecOps portfolio—built atop the Chef automation framework it acquired in 2020—to now include the ability to programmatically address compliance mandates. At the same time, Progress has updated ...

How to Secure CI/CD Pipelines With DevSecOps
Many companies are adopting a DevOps approach in their workflows as IT moves toward a more automated and cloud-native world—but for some industries, this migration isn't easy. Many of these companies—in finance, ...

Agile/Scrum is a Failure – Here’s Why
In this week’s The Long View: Agile and Scrum are increasingly getting a bad reputation, being associated with the worst aspects of toxic workplace culture ...

Does GraphQL Introduce New Security Risks?
The GraphQL query language is an excellent tool for increasing the ease of data sharing. The premise is that you request the fields you need in a single bundled request, avoiding multiple ...