Identity and Access Management

Attackers Can Exploit a Claude Code RCE Flaw to Take Command of System

Jeff Burt | May 22, 2026 | agentic AI, AI (Artificial Intelligence), AI security risks, Anthropic Claude Code, automated parsers, deeplink

A dangerous vulnerability found in Anthropic’s popular Claude Code developer model could have allowed bad actors to grab control of a victim’s system by luring them into clicking on a crafted malicious ...

Massive VS Code Secrets Leak Puts Focus on Extensions, AI: Wiz

Jeff Burt | October 15, 2025 | exposed secrets, extensions leak, Microsoft Visual Studio, OpenVSX, VS Code, Wiz

Researchers with cybersecurity firm Wiz earlier this year discovered, almost by chance, a significant supply chain risk and massive secrets leak in the Visual Studio Code and OpenVSX marketplaces that they said ...

Five Great DevOps Job Opportunities

Mike Vizard | February 5, 2024 | careers, cloud, Cognizant, devops, engineer, hiring, ibm, talent, Workday

Looking for a great new DevOps job? Check out these available opportunities at Cognizant, IBM, Workday and more! ...

Venafi Adds Ability to Prevent Unauthorized Code From Running

Mike Vizard | January 24, 2024 | automation, code security, machine identity, runtime protection, Venafi

Venafi added an ability to prevent unauthorized code from running in IT environments that make use of its machine identity management platform ...

Sonar Adds Secrets Detection to Code Analysis Portfolio

Mike Vizard | December 18, 2023 | code, IAM, Secrets, secrets management, Sonar, vulnerability

Sonar has added a secrets detection capability to its portfolio of tools for analyzing code and DevOps workflows ...

RBAC, access, JIT, permission, permission management, Just-in-time, access permissions strongDM

RBAC For Your CI/CD Pipeline: Why and How

Gilad David Maayan | December 14, 2023 | Access, devops, permissions, RBAC

By implementing RBAC in your CI/CD pipeline, you can help ensure secure and efficient operations ...

Navigating Passkeys: Challenges, Pitfalls and Considerations for Developers

Julianna Lamb | December 1, 2023 | authentication, challenges, developers, devops, Identity, identity and access management, Passkeys

While passkeys can dramatically improve the security and UX of authenticating users to applications, there’s a lot that still rests on the shoulders of developers ...

access to production, projects, server access,

Who Should Have Access to Production?

Rom Carmel | November 13, 2023 | Access to Production, devops, security

In a perfect world, no one would have access to production, as that’s the safest way to make sure there won’t be any issues ...

Policy-Based Governance: Modernizing Authorization for the Enterprise

Rom Carmel | November 3, 2023 | Cloud-based Environments, devops, governance, policy as code, Policy-based governance, privileged access management

Change of control and management of access in the privileged environment requires a new approach to the solutions we use for privileged access governance ...

Pulumi data API SaaS Radware API DevSecOps

Pulumi Previews Tool to Integrate Secrets and Infrastructure Management

Mike Vizard | October 10, 2023 | infrastructure, infrastructure management, Pulumi, Secrets, secrets management

Pulumi previewed a tool that enables DevOps teams to unify environments, secrets and configuration (ESC) management ...

Legit Security syslogs HashiCorp Checkmarx Synopsys Cycode CodeLogic scanning Contrast Security secrets scan dynamic

HashiCorp Acquires BluBracket to Extend Secrets Management Reach

Mike Vizard | June 29, 2023 | code scanning, Hashicorp, Secrets, secrets management

HashiCorp this week acquired BluBracket to add a set of static secrets discovery tools to its portfolio ...

AWS Identity and Access Management (IAM) Roles and How to use Them

Mariusz Michalowski | May 25, 2023 | Amazon, AWS, IAM roles, Identity, identity and access management

Amazon Web Services relies on the AWS IAM service to govern who is authenticated and authorized to use AWS resources. It plays a hugely significant role in AWS security–and so do its ...