ControlMonkey today added a risk index dashboard to its automation platform for managing code created using infrastructure as code (IaC) tools based on open-source Terraform software.
Proactive Dependency Management: Reducing Risk and Improving Software Quality
Managing dependencies isn’t just a best practice; it is an essential, ongoing process. Implement these strategies in your projects to stay ahead of potential issues and ensure your software remains reliable, secure and up to date.
Report: High Risks to Software Supply Chains are Commonplace
A nine-month analysis of more than 100 million alerts, tens of thousands of code repositories, and 140,000 real-world applications finds 95% of organizations have at least one high, critical, or apocalyptic risk within their software supply chain.
Gremlin Adds Detected Risk Tool to Chaos Engineering Service
Gremlin’s risk detection capability in its chaos engineering service automatically identifies issues that could cause outages and provides recommendations to resolve them.
FAA Ground Stop due to Technical Debt? | Don’t Do DIY Crypto!
In this week’s #TheLongView: The FAA’s NOTAM database gets corrupted, and Threema shows why DIY encryption is bad.
Best of 2022: Measuring Technical Debt
As we close out 2022, we at staging-devopsy.kinsta.cloud wanted to highlight the most popular articles of the year. Following is the latest in our series of the Best of 2022. What is enterprise technical debt? Technical debt slows down organizations and hampers their ability to deliver. Studies show that technical debt can triple the cost […]
What Donuts Teach Us About DevOps and Delivery Risk
Today, most DevOps teams do not think too much about their approach to risk. Usually, the typical attitude focuses on what to add to reduce risk further. In other words, “Can we add more tests? Can we deploy more carefully?” More tests, more processes and less risk are all obviously good things. Or are they? […]
Secure Software Summit: Reachability and Risk for Security Leaders
It is impossible to manage security posture without considering two key factors in any potential vulnerability or security flaw: Reachability and risk. The two factors are related. Reachability defines the degree to which a given security vulnerability that is detected, such as a CVE, can actually be attacked and exploited to gain privileged access and […]
Fixing Risk Sharing With Observability
Incentives are mismatched among SREs, SecOps, and application developers. These mismatches create challenges around how and what information is shared across siloed teams. This asymmetrical information creates a moral hazard where one team can shift deployment risk to another team, with no accountability back to the originating team. Risk shifting results in unstable applications, inefficient […]
Low-Risk Monolith-to-Microservice Evolution, Part 1
In designing and organizing a two-day workshop on microservices, I’ve been thinking a lot about how to explain monolith application decomposition and what a transition to microservices might look like. This is a small subset of that material, but I wanted to share it to get feedback (in the workshop we go into more detail […]










