There are major cyberattacks and data breaches weekly, if not daily. Each incident is unique in some way, but one element common to almost all successful attacks is trust. Whether it’s a disgruntled employee conducting an insider attack, an attacker infiltrating the network using stolen credentials or an exploit that leverages a third-party vendor or […]
HashiCorp Extends Secrets Management Reach
Secrets management is core to DevSecOps—how credentials are managed can make all the difference in preventing an application from being compromised in the first place. The challenge is making it as simple as possible for developers to access where most of those credentials are stored in the enterprise. HashiCorp this week released an update to […]
Early Automation: A Key Requirement for DevSecOps Success
According to the “2017 DevSecOps Community Survey,” by Sonatype, almost 60 percent of the respondents consider security to be an inhibitor to DevOps agility, while more than 50 percent of developers say they do not have sufficient time to allocate to security. Hence arises the need for enhanced security automation in DevOps. Security automation helps […]
DevSecOps: Don’t Invest In Hope
A successful DevSecOps approach is rooted in action, not hope. There is a lot of investment in hope. I hope we won’t get breached. I hope our DevOps teams aren’t deploying thousands of vulnerable containers. I hope our developers aren’t downloading millions of vulnerable open source components. I hope our developers and security teams will […]
DevSecOps: Digging into Root Cause Analysis
We have all been there in a postmortem when someone says, “Let’s get to the root of the problem.” And, we all know what that means: Who or what is to blame? We also all know that no one wants to play the blame game, yet we all do. But it isn’t our fault (no […]
DevOps Isn’t Getting Cloud Security Right (and What Can Be Done About It)
The song title of Billy Joel’s 1977 hit, “Get it Right the First Time” aptly describes what DevOps teams need to take to heart when making the jump to the public cloud. But in most cases, security is lacking in the pipeline when making the shift—and a change in DevOps culture and mindset is necessary […]
DevSecOps: Deception in Depth
Mantraps, tripwires and tarpits … sounds like the start of a solid spy-movie plot, doesn’t it? These are among the many concepts of physical security that are making the crossover to software security. You’ve likely heard that security is all about defense in depth—the idea of layering several defensive measures so that their combined effectiveness […]
Malicious Intent: Open Source Developers, Please Protect Your Users
For the second time in just a few weeks we’re seeing the fallout of missteps taken by publishers of open source components. It was just recently that I wrote about the GitHub id of go-bindata being hijacked. We don’t know for certain if the intentions were malicious, but the risk was obvious. Even more recently we find […]
Integrating Security into DevOps: The Benefits and Drawbacks
The efficiency of DevOps for your enterprise will depend on the level of security you integrate in it. The integration of security into DevOps is new to many enterprises, but is highly important because the speed of DevOps can make the apps in development vulnerable to malicious attacks. This can be prevented with the help […]
DevSecOps: If You Build It, They Will Come
Spring training for Major League Baseball in the United States has begun. Millions of people share my love for baseball; however, the same can’t be said for security and compliance—well, at least not yet. Perhaps one day. Much like in the immortal baseball movie, “Field of Dreams,” if you build a friendly security and compliance […]