DevSecOps
Putting the Security Into DevSecOps
The non-Newtonian fluid that’s composed of cornstarch and water has been around a long time, but Dr. Seuss’ 1949 book was the impetus for what it’s often called today – Oobleck, from ...
The 6 Pillars of DevSecOps: Pillar One-Collective Responsibility
With the increased interest in DevSecOps, the Cloud Security Alliance (CSA) and Software Assurance Forum for Excellence in Code (SAFECode) brought together a DevSecOps Working Group to identify and share best practices ...
WhiteSource Offers Free Spring4Shell Vulnerability Tool
WhiteSource has launched a free command-line interface (CLI) tool that detects the open source Spring4Shell vulnerability (CVE-2022-22965) that is impacting Java applications built using the Spring development framework. Susan St. Clair, director ...
What to Expect When Transitioning to DevSecOps
How do you ensure your DevOps pipeline is secure? Does DevSecOps protect you against serious breaches or is it just a way to allay the concerns of stakeholders about security in DevOps? ...
Akamai: Buying Linode | Firefox: Not OK | Gone: Google Vaccine Mandate
In this week’s The Long View: Linode bought by Akamai, Firefox market share “measly,” and Google brings staff back to the office ...
How to Seamlessly Transition to DevSecOps
In the last few months, the cybersecurity world has been taken by storm following the discovery of the Log4Shell vulnerability. The zero-day had the potential to put much of the connected world ...
IBM ‘is Ageist and Sexist’ | IBM Mainframe-aaS | IBM Vaccine Mandate
In this week’s The Long View: IBM’s employment practices get held up to scrutiny, IBM z/OSaaS breaks cover, and IBM encourages staff back to the office ...
Unreliable Server Scare | Information Batteries | ARM IPO PDQ
In this week’s The Long View: We worry about chips failing randomly, we ponder a new way of thinking about workload shifting, and we grok Arm’s IPO ...
Codenotary Launches Cloud Service to Generate SBOMs
Codenotary has launched a Codenotary Cloud platform that can automatically generate a software bill of materials (SBOM) and make it easier to discover what components have been included in an application. Moshe ...
Why Developer-First is the Future of AppSec
DevOps culture and rapid cloud adoption mean developers are shipping code faster than ever and, in many cases, security teams struggle to keep up. To avoid relegating security to afterthought status, organizations ...
App Store Antitrust Bill | GDPR vs. Google Fonts | Wordle Worth $1M+
In this week’s The Long View: The Open App Markets Act polls well among devs, Germany fines a website for using Google Fonts, and the NY Times buys Wordle for an unfeasible ...
Improving Software Security in 2022
The recent Log4j vulnerability showed just how quickly a security bug could disrupt not just an industry, but the entire world. Organizations, especially federal agencies, will always find themselves at some level ...