DevSecOps
Threat Modeling as a DevSecOps Practice
Software engineers are always under pressure to build more software, faster. At the same time, there is increasing regulatory and market pressure for secure software that meets users’ and regulators’ requirements for ...
Cloud Giants Shun Wind Power? | LaMDA not Sentient? | MS IE RIP?
In this week’s The Long View: Warren Buffett asks too much for wind energy, it’s “completely ridiculous” to say Google’s chatbot LaMDA is sentient, and Microsoft finally kills Internet Explorer ...
Survey Surfaces Raft of Application Security Issues
A global survey from ReversingLabs found 87% of respondents agreed that software tampering has become a more frequently used cybersecurity attack, but only 37% said they have any means to detect it. The ...
Jit Emerges to Address Cybersecurity Policy-as-Code Orchestration
Jit today emerged from stealth with a free namesake orchestration platform beta that automatically implements security plans as code. Aviram Shmueli, chief product officer for Jit, said the company will both make ...
How to Adopt an SRE Practice (When You’re not Google)
Site reliability engineering (SRE) isn’t a new term or practice. The practice of applying software engineering skills and principles to operations problems and tasks happened even before site reliability engineer was a ...
Why is Security Still in the Way? A Look at DevSecOps Right Now
According to industry trend reports for 2022, DevSecOps is now considered to be one of the most effective approaches to building software quickly and securely. This effort, of course, means development, security ...
Contrast Security Adds Free Code-Scanning Tool
Contrast Security this week made available a free security tool that enables developers to scan their code using the same core engine used by the cybersecurity team within their organization. Steven Phillips, ...
Orca Security Adds CLI to Improve Cloud Security
Orca Security has extended its cloud security platform via a command-line interface (CLI) that makes it simpler to integrate with a wide range of DevOps tools. Rather than relying on agents, the ...
5 Testing Strategies For Deploying Microservices
With rigorous development and pre-production testing, your microservices will perform as they should. However, microservices need to be continuously tested against actual end-user activity to adapt the application to changing preferences and ...
The APIs You Really Don’t Know About
A few years ago, we were rightly warned about the amount of exposure our APIs created. A massive attack surface that often used “security by obscurity” as its primary method of protection ...
The Risks of Shadow Code
As the economy struggles to recover after the last two years of the COVID-19 pandemic, we have all learned a thing or two about supply chains—and what happens when they break down ...
Architecting an Auth System for Applications
Applications today use many login and authentication methods and workflows. Here, I’ll share the most relevant and proven authentication workflows, which you can use as a basis for architecting and designing an ...