Explore the emerging crisis in application delivery caused by tool fragmentation in modern software development. This article discusses the need for semantic interoperability, context preservation, and a shift from linear pipelines to graph-based architectures to enhance efficiency and reduce cognitive load for developers.
Secrets Management Failures in CI/CD Pipelines
Explore the critical role of secrets management in CI/CD pipelines and its impact on cybersecurity. This article highlights the risks of credential exposure, the importance of implementing strong security practices, and how organizations can ensure robust defenses against breaches and supply chain attacks.
Your AI Agents Have a Blind Spot: What DevOps Teams Need to Know About Cross-LLM Security
Explore the challenges of AI agents in DevOps pipelines, highlighting the importance of model-aware detection to improve security and reduce vulnerabilities.
Patch Management is Essential for Securing DevOps
Zero-day exploits don’t wait for anyone and are one of the main reasons why the cybersecurity market will be worth a whopping $256 billion worldwide. In the current threat landscape, attackers weaponize vulnerabilities within hours of disclosure, and that puts DevOps teams in a precarious position. The ability to patch quickly and confidently can mean […]
The DevSecOps Career Path: What No One Tells You About Getting Started
DevOps teams across organizations are suddenly finding themselves responsible for security with no roadmap. One day, teams are focused on deployment velocity and infrastructure automation; the next day, they’re expected to understand threat modeling, vulnerability management and compliance frameworks. This shift isn’t happening by choice — it’s happening because traditional security approaches can’t keep pace […]
Tackling the DevSecOps Gap in Software Understanding
When I first read the recent article from CISA titled “Tackling the National Gap in Software Understanding,” I had the same reaction I imagine many of you did: Well, of course this is necessary. Who in their right mind doesn’t want better visibility into the software used in our most mission-critical systems? But then I […]
Futurum Group Survey Surfaces DevSecOps Progress on Multiple Fronts
A survey of 110 security leaders finds all are investing in software supply chain security, with application security posture management (ASPM) and DevSecOps automation and orchestration topping the priority list, followed closely by security composition analysis (SCA) tools, application programming interface (API) security and dynamic application security testing (DAST) tools. In addition, 30% of respondents […]
How to Extend an Application Security Program to AI/ML Applications
While various AI/ML application risks are like traditional application security risks and can be protected using the same tools and platforms, runtime security for the new models requires new methods of securing the applications.
JFrog Survey Surfaces Limited DevSecOps Gains
A global survey of 1,402 application developers, cybersecurity and IT operations professionals finds 71% work for organizations that, despite any potential vulnerabilities, still allow developers to download packages directly from the internet.
Checkmarx Extends DevSecOps Reach to Repository Security and Secrets Discovery
Checkmarx this week extended the scope of its ability to protect software supply chains with tools that assess how secure a repository is and find where application secrets have been shared in a way that is not secure. Ori Bendet, vice president of product management for Checkmarx, said the Repository Health and Secrets Detection tools […]










