Tag: devsecops

Survey Surfaces Raft of AI Coding Issues Involving Embedded Systems
A new survey of 785 development and security professionals reveals that 89% of organizations are using AI coding assistants for embedded systems, but concerns over security, licensing risks, and governance remain. Python ...

Coding at the Speed of AI: Innovation, Vulnerability, and the GenAI Paradox
Generative AI accelerates software delivery but also reintroduces vulnerabilities, making secure coding practices, oversight, and developer training essential for safe adoption ...

Qwiet AI Extends Microsoft Support in Platform for Fixing Vulnerabilities
Qwiet AI extends its AI-driven application security platform with deeper Microsoft DevOps integrations, enhanced automation, and expanded AutoFix capabilities to proactively remediate code vulnerabilities ...

The EU’s Cyber Resilience Act: Redefining Secure Software Development
The European Union's Cyber Resilience Act (CRA) marks a turning point for anyone building, selling, or maintaining digital products. Whether it’s enterprise software, consumer apps, IoT devices, or embedded systems, the CRA ...

John Willis: The True North of DevOps and DevSecOps
Over the last 14-plus years of my journey through DevOps, I’ve had the good fortune to meet some of the smartest, most generous, most forward-thinking people in our industry. It’s one of ...

Tackling the DevSecOps Gap in Software Understanding
When I first read the recent article from CISA titled "Tackling the National Gap in Software Understanding," I had the same reaction I imagine many of you did: Well, of course this ...

White Paper: The Future of DevSecOps in a Fully Autonomous CI/CD Pipeline
Abstract: The growing complexity of modern software development and the increasing speed at which organizations need to deliver software have led to the widespread adoption of DevOps practices, particularly continuous integration/continuous deployment ...

HoundDog.ai Code Scanner Shifts Data Privacy Responsibility Left
HoundDog.ai today made generally available a namesake static code scanner that enables security and privacy teams to enforce guardrails on sensitive data embedded in large language model (LLM) prompts or exposed artificial ...

Minimus Adds VEX Support to Managed Hardened Images Service
Minimus has extended its managed service for providing application developers with hardened images to include support for the Vulnerability Exploitability eXchange (VEX) format used to share data across multiple application security tools ...

“Shove Left” – Dumping Downstream Tasks Onto Developers – A Recipe for Failure
Beware the "Shove Left" anti-pattern. Simply dumping downstream tasks onto developers without changing the system is a recipe for burnout, inefficiency and failure ...

Emerging DevOps Trends: Security, Scalability and Sustainability
As DevOps continues to grow, security, scalability and sustainability are at the forefront of the rapid changes ...

When AI Assistants Turn Against You: The Amazon Q Security Wake-Up Call
Amazon Q coding assistant was compromised with malicious prompts designed to wipe AWS accounts. What this near-miss teaches us about AI security ...