DevSecOps

US DoJ Makes PyPI Give Up User Data ¦ Tape Storage: Not Dead
In this week’s #TheLongView: PyPI complies with a “string of subpoenas,” and LTO continues to grow, despite predictions of its demise ...

FIDO/WebAuthn Passkeys is Inevitable: Get on the Train ¦ IBM CEO Hates WFH
In this week’s #TheLongView: The Passkeys authentication standard gets a huge boost, and Arvind Krishna wants workers back in the office ...

Linux 6.3: What’s New ¦ AWS Layoffs are a Worry
In this week’s #TheLongView: A new Linux kernel drops and layoffs at Amazon Web Services point to trouble ...

Android Apps Must Let Users Delete Data ¦ RISC-V in the Data Center
In this week’s #TheLongView: Google forces apps to make deleting users’ data easier, and the RISC-V drumbeat grows louder ...

npm is Scam-Spam Cesspool ¦ Google in Microsoft Antitrust Thrust
In this week’s #TheLongView: The npm registry suffers spam infestation, and Microsoft makes Google sad ...

Dev of core-js Will Flip Table ¦ Another 451 PyPI Maldeps
In this week’s #TheLongView: Denis Pushkarev is fed up with core-js freeloaders, and hundreds more malicious packages found at PyPI ...

OpenAI Hires 1,000 Low Wage Coders to Retrain Copilot ¦ Netflix Blocks Password Sharing
In this week’s #TheLongView: ChatGPT darling OpenAI wants people to write code in English, and the unintended consequences of blocking shared accounts ...

Putting the Security Into DevSecOps
The non-Newtonian fluid that’s composed of cornstarch and water has been around a long time, but Dr. Seuss’ 1949 book was the impetus for what it’s often called today – Oobleck, from ...

The 6 Pillars of DevSecOps: Pillar One-Collective Responsibility
With the increased interest in DevSecOps, the Cloud Security Alliance (CSA) and Software Assurance Forum for Excellence in Code (SAFECode) brought together a DevSecOps Working Group to identify and share best practices ...

WhiteSource Offers Free Spring4Shell Vulnerability Tool
WhiteSource has launched a free command-line interface (CLI) tool that detects vulnerable open source Spring4Shell vulnerabilities (CVE-2022-22965) that are impacting Java applications built using the Spring development framework. Susan St. Clair, director ...

What to Expect When Transitioning to DevSecOps
How do you ensure your DevOps pipeline is secure? Does DevSecOps protect you against serious breaches or is it just a way to allay the concerns of stakeholders about security in DevOps? ...

Akamai: Buying Linode | Firefox: Not OK | Gone: Google Vaccine Mandate
In this week’s The Long View: Linode bought by Akamai, Firefox market share “measly,” and Google brings staff back to the office ...