Tag: devsecops
Culture a Stumbling Block to DevOps, DevSecOps
Organizations are struggling to improve DevSecOps practices as they confront a lack of cultural alignment and investment, according to a global Progress survey of more than 600 IT, security, application development and ...
5 Tips for Securing DevOps: What You Wish You Knew Sooner
Foundations and frameworks, concrete and steel—not exciting. But that’s the foundation and framing of pretty much every modern building. Everything else that is part of a building–flooring, wiring, lighting, room placement and ...
Codenotary Automates SBOM Creation
Mike Vizard | | Codenotary, devsecops, SBoM, software bill of materials, Software Supply Chain SecurityCodenotary today launched a tool that enables an application to automatically generate a software bill of materials (SBOM) by adding a single line to its source code. Codenotary CEO Moshe Bar said ...
Aqua Security Claims Compliance With Biden’s Executive Order
Aqua Security this week claimed it is the first software supply chain security platform provider to meet the attestation requirements as defined by an executive order issued to federal agencies last year ...
Standardizing Federal Cybersecurity With DevSecOps
DevSecOps is having a moment in the federal government. With President Biden’s Executive Order on Improving the Nation’s Cybersecurity and federal agencies’ issuance of DevSecOps best practices based on the Enduring Security ...
2023 Application Security Budgets on the Rise
A survey of 500 DevSecOps professionals in the U.S. found nearly three-quarters (73%) of organizations plan to increase investment in application security in 2023. The survey, conducted by Wakefield Research on behalf ...
How DevOps Helps With Secure Deployments
DevOps is an approach to software development that emphasizes communication and collaboration between teams. It's best known for bringing together people who previously worked in separate areas like engineering or testing; this ...
Update to Open Source ZAP Tool Improves DAST Performance
An update to the OWASP Zed Attack Proxy (ZAP) open source dynamic application security testing (DAST) tool made available today improves performance by employing a multi-threaded passive scanner engine. Version 2.12.0 of ...
PlanSecOps: Incorporating Security Strategies in Design
Mike O'Malley | | Cybersecurity Awareness Month, devops, devsecops, security by design, Security Framework, software developmentOrganizations that don’t adapt and change aren’t likely to survive. The same can be said about DevSecOps, a discipline created to ensure security is baked into the software development process, not an ...
JFrog Gives Pyrsia to CD Foundation to Secure Software Supply Chains
At the KubeCon + CloudNativeCon North America conference this week, JFrog announced it contributed the Pyrsia project, which uses blockchain technologies to secure software packages, to the Continuous Delivery (CD) Foundation. Stephen ...
Where Does Your Data Go?
One of the most interesting developments in security and compliance in recent years is the ability to follow a piece of data through an application from input to consumption and see each ...
Sonatype Report Surfaces Scope of Known Vulnerability Challenge
Sonatype this week published a State of the Software Supply Chain Report that found a 633% year-over-year increase in malicious attacks aimed at open source software residing in public repositories. In addition, ...
