Platforms, paradigms, processes and processing itself all evolve. Because the information technology industry crosses from one chasm to another on an apparently endless loop of perpetual change, applications and wider systems need to be almost continually modernized. Amazon Web Services wants to enable that process with AWS Transform, a service that now ships with new […]
Your Next Secrets Leak is Hiding in AI Coding Tools
AI coding tools are accelerating secrets sprawl in Kubernetes workflows. Learn where leaks happen and how platform teams can contain the risk.
Securing the AI Era: How Development, Security, and Compliance Must Evolve
The Code Boom and Its Paradox We are witnessing an unprecedented shift in how software is built. With the rise of AI copilots, automated agents, and low-code platforms, code is being produced faster than at any point in history. What once took weeks can now be generated in minutes. This is a remarkable advance, but […]
Infrastructure as Code, Security Blind Spots, and the Messy Reality of DevOps
I’ve spent most of my career in infrastructure and reliability engineering, from years as an SRE at Google to leading teams at Facebook and now building Spacelift. Along the way, I’ve watched entire paradigms rise and fall, seen technologies mature, and learned some hard lessons about where DevOps and security meet—and where they clash. The […]
Shai-Hulud Attacks Shake Software Supply Chain Security Confidence
Being the Dune groupie that I am, I couldn’t pass up the chance to comment on the “Shai-Hulud” NPM attacks. What a clever name for a worm attack. But as the saying goes, “the spice must flow,” so let’s have a look at what is going on here. The Backbone: What Is NPM (and Why […]
The Right Kind of AI for Infrastructure as Code
AI is everywhere in cloud security right now. Nearly every product claims to be “AI-powered,” and copilots and chatbots promise to help teams interpret issues faster. But for most platform teams, understanding the problem isn’t the hard part. The real challenge is resolution. Cloud environments change quickly, and the backlog of security findings grows just […]
Secure Code Warrior Defines Security Rules for AI Coding
Secure Code Warrior has made available a set of security rules for application developers using artificial intelligence (AI) tools to generate code. Company CTO Matias Madou said the AI Security Rules made available on GitHub are intended to encourage developers to review code generated by AI for security issues that these tools may inadvertently introduce. […]
Why DevSecOps Isn’t a Thing Yet
One of the biggest obstacles to DevSecOps adoption is the cultural gap between development, security, and operations teams.
JFrog Extends Alliance With NVIDIA to Secure AI Software Supply Chain
JFrog and NVIDIA today announced they have expanded the integrations between their software development platforms to now include the Enterprise AI Factory, a set of frameworks and blueprints for building artificial intelligence (AI) applications. As a result, software artifacts created using the NVIDIA Enterprise AI Factory can be housed in the JFrog Software Supply Chain […]
How Benchmarking Can Help Software Development Teams Achieve CISA’s “Secure by Design”
In April 2023, the Cybersecurity and Infrastructure Security Agency (CISA) launched its Secure by Design initiative, directing technology companies to ‘prioritize the security of customers as a core business requirement, rather than merely treating it as a technical feature’.
- « Previous Page
- 1
- 2
- 3
- 4
- …
- 46
- Next Page »