Sign up for our newsletter!
Stay informed on the latest DevOps news

DevOps.com

Tag: vulnerability management

DevSecOps languages tool Dell IT as a service

Continuous Security in DevSecOps: Moving Beyond One-Time Testing 

| | automated security, CI/CD pipeline, continuous security, devsecops, penetration testing, SAST/DAST, sdlc, shift left security, software composition analysis (SCA), vulnerability management
Waiting for a single annual pentest to secure your application is like locking your front door only once a year and hoping for the best. In an era where 133 new vulnerabilities are reported every single ...
Rein Security Emerges to Analyze Reachability of Application Vulnerabilities

Rein Security Emerges to Analyze Reachability of Application Vulnerabilities

| | AI-generated vulnerabilities, API security, application security, continuous vigilance, devsecops, funding, Matan Bar Efrat, performance overhead, security automation, software development, software security testing, vulnerability management
Rein Security has emerged from stealth to launch an application security platform capable of determining the reach of a vulnerability based on which libraries and application programming interfaces are actually running in ...
Is Claude Opus 4.6 the Best Security Researcher Ever?

Is Claude Opus 4.6 the Best Security Researcher Ever?

| | 600 vulnerabilities, AI augmentation, AI-driven vulnerability discovery, Anthropic, attackers/opportunists, Axios, Claude Opus 4.6, continuous discovery, coordinated disclosure, defensive adaptation, Gadi Evron, Heather Adkins, maintainers burnout, open source projects, Red Team report, remediation, scale vs capacity, security triage, The Futurum Group, vulnerability management, zero days
Anthropic’s Claude Opus 4.6 uncovered more than 600 previously unknown vulnerabilities in widely used open source software, raising new questions about AI-driven security research, vulnerability management, and defensive readiness ...
Your AI Agents Have a Blind Spot: What DevOps Teams Need to Know About Cross-LLM Security 

Your AI Agents Have a Blind Spot: What DevOps Teams Need to Know About Cross-LLM Security 

| | AI agents, AI infrastructure, Behavioral Monitoring, Cross-LLM Detection, Cybersecurity, devops, DevOps pipelines, incident management, Model-Aware Detection, Multi-LLM Environments, security best practices, Security Gaps, supply chain security, threat detection, vulnerability management
Explore the challenges of AI agents in DevOps pipelines, highlighting the importance of model-aware detection to improve security and reduce vulnerabilities ...
Google, vulnerability, perforce, software, attackers, vulnerability, open source security vulnerability

Patch or Perish: The Brutal Truth About Vulnerability Management in 2025 

| | Active Risk AI, AI-powered VM, attack surface management, breach costs, Cisco VM, continuous monitoring, CVEs 2025, cybersecurity best practices, delayed patching, exploit prediction, IBM data breach report, Kenna Security, machine learning risk scoring, patch management, predictive prioritization, Rapid7, remediation automation, risk-based prioritization, Tenable, threat-aware prioritization, unpatched vulnerabilities, Vulcan Cyber, vulnerability management, vulnerability scanning
Vulnerability management in 2025 is overwhelmed by escalating CVEs and costly breaches; organizations must shift from slow, manual patching to continuous, risk-based, AI-powered remediation to stay secure ...
security, into DevSecOps, AI, DEVSECOPS, CodeOps, DevSecOps, GenAI, security, DevSecOps GitGuardian WhiteSource Automating Security

Patch Management is Essential for Securing DevOps

| | automated patching, automated rollbacks, canary deployments, CI gating, CI/CD pipelines, cloud-native security, continuous delivery security, CVE scanning, devops best practices, devops security, devsecops, feature flags, mean time to patch (MTTP), observability in devops, patch automation tools, patch management, runtime mitigation, SBoM, security automation, software bill of materials, software vulnerabilities, supply chain security, vulnerability discovery, vulnerability management, zero-day defense, zero-day exploits
Zero-day exploits don’t wait for anyone and are one of the main reasons why the cybersecurity market will be worth a whopping $256 billion worldwide. In the current threat landscape, attackers weaponize ...
microsoft, technical debt, LLMs Technical Debt applications

The Silent Technical Debt: Why Manual Remediation Is Costing You More Than You Think 

| | ActiveState report, continuous remediation, cybersecurity efficiency, Dependency Management, developer productivity, devsecops, engineering performance, innovation tax, intelligent remediation, KubeCon 2025, manual remediation, Mean Time to Remediate, mttr, open source security, remediation debt, security automation, software vulnerabilities, technical debt, transitive dependencies, vulnerability management
Manual vulnerability remediation drains time, innovation, and security. Learn how intelligent remediation eliminates hidden technical debt and accelerates DevSecOps ...
Why Nano Updates Only Work if You Begin with the Latest and Greatest Software 

Why Nano Updates Only Work if You Begin with the Latest and Greatest Software 

| | automated updates, CI/CD, container updates, continuous delivery, continuous improvement, CVE reduction, Dependency Management, devsecops, engineering and security collaboration, legacy modernization, Linux base images, modern software stacks, nano updates, secure development practices, security patching, software hygiene, software maintenance, software updates, technical debt, vulnerability management
Is there a silent threat of technical debt looming in your organization?  You probably should take a deeper look.  Modern software systems are composed of hundreds of interdependent components. How are you ...
supply chain, software, Checkmarx, data, Endor, SCA, supply chain, security, workflows, supply chain, software, supply chain security, appsec, polyfill, software, supply chains, DevOps, DevSecOps, Google supply chain

Establishing Visibility and Governance for Your Software Supply Chain

| | application security, asset visibility, attack surface management, build-time security, Cloud Governance, context-aware security, cybersecurity governance, dependency tracking, eBPF runtime analysis, Kubernetes Gatekeeper, Log4Shell, open source security, provenance attestation, risk reduction, SBoM, SBOM automation, secure software development, SLSA, software bill of materials, software provenance, Software Supply Chain Security, supply chain risk, Third-party Dependencies, VEX, vulnerability management, vulnerability prioritization
Asset visibility and cloud governance start with SBOMs, VEX, and provenance tracking. Learn how to secure your software supply chain ...
Google, vulnerability, perforce, software, attackers, vulnerability, open source security vulnerability

Google’s OSV-Scanner V2: Leveling Up Vulnerability Management for Developers

| | devops, google, vulnerability management
Google's OSV-Scanner V2.0.0 brings enhanced vulnerability scanning with container support, interactive visualizations, and innovative remediation features ...
vulnerability shared responsibility One Identity

Vulnerability Management for DevOps Teams: A Practical Guide

| | devsecops, Secure Software, software security, vulnerability, vulnerability management
The goal of vulnerability management is to close the gap between discovery and resolution, thereby minimizing the window of opportunity for potential cyberattacks ...
intelligent, applications, Synopsys supply chain intelligent application vulnerability DevOps open source software Red Hat Dynatrace automation analytics AI Red Hat

Poor App Remediation Creates a Vicious Vulnerability Cycle

| | application testing, patching, vulnerability management, Waratek
A survey of 200 security professionals found nearly 83% of respondents reported that an increase in the rate at which applications are being deployed has led to an increase in the reintroduction ...
Show More