DevSecOps
How Cybersecurity Teams Can Work Better with DevOps
Samuel Ogbonna | | CI/CD, cloud security best practices, cyber security, devsecops, security automationDevOps teams move fast, but security can lag without the right approach. Often, cybersecurity and DevOps teams work separately, and that could lead to problems. To fix this, organizations must shift from ...
Survey Surfaces Rising Tide of Vulnerabilities in Code Generated by AI
A survey of 450 IT professionals in the U.S. and Europe finds 69% of organizations have discovered vulnerabilities in code generated by artificial intelligence (AI) tools, with 20% reporting there has been ...
The Silent Technical Debt: Why Manual Remediation Is Costing You More Than You Think
Bob Shaker | | ActiveState report, continuous remediation, cybersecurity efficiency, Dependency Management, developer productivity, devsecops, engineering performance, innovation tax, intelligent remediation, KubeCon 2025, manual remediation, Mean Time to Remediate, mttr, open source security, remediation debt, security automation, software vulnerabilities, technical debt, transitive dependencies, vulnerability managementManual vulnerability remediation drains time, innovation, and security. Learn how intelligent remediation eliminates hidden technical debt and accelerates DevSecOps ...
Survey Surfaces Widespread Adoption of AI to Improve DevSecOps
A global survey of 1,015 IT professionals with responsibility for application security finds more than three quarters (77%) are using artificial intelligence (AI), with another 13% considering adoption. Conducted by Fastly, a ...
Git Services Need Better Security. Here’s How End-to-End Encryption Could Help
Tom Smith | | code security, devops security, end-to-end encryption, GitLab security, repository protection, secure development practices, Software Supply Chain SecurityA new study from the University of Sydney, UESTC, and Google introduces efficient end-to-end encryption for Git services like GitHub and GitLab. Learn how this breakthrough could secure your code repositories without ...
Whose Ops is it Anyway? How IDPs, AI and Security are Evolving Developer Culture
Olivier de Turckheim | | AI and ML workloads, AI in DevOps, AI infrastructure, AI-driven operations, AIOps, automation in DevOps, continuous delivery, Cycloid plug-ins, developer experience, devops culture, devops evolution, DevOps scalability, DevOps security integration, DevOps transformation, devsecops, digital transformation DevOps, gitops, IDP, intelligent automation, internal developer platforms, MLOps, modern DevOps strategy, operational resilience, platform engineering, platform governance, secure CI/CDIt was only a few years ago that perhaps the biggest hurdle for DevOps advocates was convincing leadership that it was worth the investment. That conversation has since shifted. In most organisations ...
Worms in the Supply Chain: Shai-Hulud and the Next DevOps Reckoning
Alan Shimel | | artifact provenance, CI/CD security, continuous verification, credential theft, devops security, devsecops, GitHub tokens, npm malware, OIDC, pipeline security, SBoM, Secure software delivery, Shai-Hulud worm, short-lived tokens, Software Supply Chain, supply chain attackDevOps was supposed to make software delivery faster, safer and more reliable. For the most part, it has. But every so often, something nasty crawls out of the shadows and reminds us ...
The EU’s Cyber Resilience Act: Redefining Secure Software Development
The European Union's Cyber Resilience Act (CRA) marks a turning point for anyone building, selling, or maintaining digital products. Whether it’s enterprise software, consumer apps, IoT devices, or embedded systems, the CRA ...
HoundDog.ai Code Scanner Shifts Data Privacy Responsibility Left
HoundDog.ai today made generally available a namesake static code scanner that enables security and privacy teams to enforce guardrails on sensitive data embedded in large language model (LLM) prompts or exposed artificial ...
“Shove Left” – Dumping Downstream Tasks Onto Developers – A Recipe for Failure
Beware the "Shove Left" anti-pattern. Simply dumping downstream tasks onto developers without changing the system is a recipe for burnout, inefficiency and failure ...
Survey Surfaces Significant Lack of Visibility Into Software Supply Chain Risks
Mike Vizard | | news, Software Supply Chain Security, supply chain risks, supply chain vulnerabilities, survey, visibilityA global survey of 1,500 C-suite and senior executives published today finds about half (49%) concede their organization lacks the visibility needed to fully understand – or even identify – software supply ...
Why DevSecOps Isn’t a Thing Yet
One of the biggest obstacles to DevSecOps adoption is the cultural gap between development, security, and operations teams ...
