DevSecOps
Researchers Find Privilege Escalation Vulnerability in GitHub Repos
Legit Security today revealed that it discovered a privilege escalation vulnerability in GitHub repositories that has since been remediated. Liav Caspi, Legit Security CTO, said the company worked with GitHub to remediate ...
Understanding SaaS Security for DevOps
As Software-as-a-service (SaaS) and DevOps adoption grew, new teams were formed to address emerging security challenges. Traditional solutions weren’t built to detect the new vulnerabilities in the cloud and created excessive noise ...
WhiteSource Offers Free Spring4Shell Vulnerability Tool
WhiteSource has launched a free command-line interface (CLI) tool that detects instances of the Spring4Shell vulnerability (CVE-2022-22965) in open source components, a flaw that is impacting Java applications built using the Spring development framework. Susan St. Clair, director ...
Lapsus$ Shames Okta/Sitel | Bitcoin Nukes Climate | EU DMA E2EE FAIL
In this week’s The Long View: Okta and Sitel under fire over Lapsus$ hack, Greenpeace and others call for bitcoin change, and Europe still hates encryption ...
GitLab Allies With Rezilion to Add Workload Analysis Tool
Rezilion has integrated its workload analysis tool with the continuous integration (CI) framework provided by GitLab. The move is part of an effort to make it simpler for developers to discover issues ...
3 Must-Haves When Implementing DevSecOps
The term DevSecOps is already more than a dozen years old. DevOps—the practice of combining software development with IT operations to deploy applications faster—was first coined in 2008 and refined in a ...
How Work-From-Anywhere Impacts DevOps
Brian Lavallée from Ciena talks with Mike Vizard about how the work-from-anywhere movement has impacted DevOps, networking and security. The video is below, followed by a transcript of the conversation. Mike Vizard: ...
Apple Outage Outrage | Linux Random Redo | Okta Hacked (or Not)
In this week’s The Long View: Why Apple services were down, Linux gets a huge RNG overhaul, and we wonder if Okta was hacked again ...
Secure Software Summit: Behold the SBOM
With supply chain security becoming more of a focus, the SBOM is now viewed as a critical element in shoring up supply chain security. SBOM stands for software bill of materials. At ...
Secure Software Summit: Reachability and Risk for Security Leaders
It is impossible to manage security posture without considering two key factors in any potential vulnerability or security flaw: Reachability and risk. The two factors are related. Reachability defines the degree to ...
Secure Software Summit: Measuring and Mitigating OSS Risks
Measuring and mitigating the security risks in open source software is becoming a major issue in the software development community. Attacks on open source software (OSS) are on the rise; open source ...
Secure Software Summit: Securing Software With Zero-Trust
With the increase of supply chain attacks on everything from logging software like Log4j to takeovers of important JavaScript packages to compromises of network utility tools like SolarWinds, more and more organizations ...