DevSecOps
Quick! Define DevSecOps: Let’s Call it Development Security
For a good long while, DevSecOps referred specifically to vendors like Veracode that did static application security scanning, dynamic application security scanning, software composition analysis and some form of runtime monitoring (usually ...
Hasura SDK Integrates GraphQL Platform With More Data Sources
At its HasuraCon ’22 conference, Hasura today announced the early release of a software development kit (SDK) that extends the reach of its GraphQL platform to additional data sources. In addition, Hasura ...
Chip-to-Cloud IoT: A Step Toward Web3
During the first six months of 2021, IoT devices were breached 1.51 billion times, a significant increase from only 639 million breaches observed for the entirety of 2020. This problem can be ...
DevOps Connect: DevSecOps — Building a Modern Cybersecurity Practice
Malicious actors are constantly looking for new ways to gain access to sensitive data and corrupt systems. As software supply chain attacks are on the rise, security has become a top priority ...
ShiftLeft Report Reveals State of Application Security
A report published today by automated application security testing platform ShiftLeft found only one in three applications has an attackable vulnerability. The report also found organizations that prioritized their remediation efforts based ...
The Age of Software Supply Chain Disruption
The software supply chain is swiftly becoming a widespread attack vector, and securing it is now in the spotlight. Software supply chain attacks have become a given in 2022, reports Darktrace. SolarWinds, ...
At Some Point, We’ve Shifted Too Far Left
Those of us involved in DevOps have a tendency to see the world with blinders on. It is rather easy to fall into the “If all you have is a hammer, everything ...
Survey Uncovers Depth of Open Source Software Insecurity
A survey from Snyk and the Linux Foundation published today found that less than half of respondents (49%) work for organizations that have security policies in place for the use or development ...
TechStrong Con: Downturn Brings Additional Sense of DevOps Urgency
Regardless of whether the overall economy is experiencing a correction or is on the cusp of a recession, organizations are going to prioritize some projects over others as resources become more constrained ...
One Year Out: What Biden’s EO Means for Software Devs
It has been just over a year since President Biden issued Executive Order 14028 (EO) to improve the nation’s cybersecurity posture. Despite the Log4j vulnerability and a worldwide increase in ransomware attacks, ...
Codenotary Adds SLSA Framework Support to Advance App Security
Codenotary this week announced it has integrated support for the Supply-Chain Levels for Software Artifacts (SLSA) framework in its free notarization and verification service for ensuring the integrity of code. Moshe Bar, ...
Improving Observability With ML-Enabled Anomaly Detection
Nowadays, DevOps and SRE teams have many tools to access and analyze logging data. However, there are two challenges that prevent these teams from resolving issues in a timely manner: They aren’t ...