The goal of vulnerability management is to close the gap between discovery and resolution, thereby minimizing the window of opportunity for potential cyberattacks.
Poor App Remediation Creates a Vicious Vulnerability Cycle
A survey of 200 security professionals found nearly 83% of respondents reported that an increase in the rate at which applications are being deployed has led to an increase in the reintroduction of previously remediated vulnerabilities. The survey, conducted by Waratek, a provider of tools for managing security-as-code, found 93% of the security professionals polled […]
Majority of Orgs Lack Visibility Into Container Vulnerabilities
Today’s blend of third-party application dependencies and polyglot software development often makes assessing risk difficult. With many new cloud-native deployment models, it can be tricky to discover potential vulnerabilities. These threats take the form of insecure default settings in Kubernetes, over-permissive states, CVEs that threaten container integrity, and other vulnerable conditions. Plugging gaps throughout the […]
How to Source Vulnerability Data for True DevSecOps
Open source comes with code vulnerabilities that must be considered in the DevOps process The war between open source and “only proprietary code” is long over. Open source won the day by convincing the opposition of the benefits of joining the open source community. “Vulnerabilities in the Core,” a report published by the Linux Foundation […]
3 Ways IoT Developers Can Make Their Applications More Secure
When the IoT was still young, IoT application developers got away with making security an afterthought, as they built prototypes and minimum viable products designed to demonstrate the different ways the IoT could be used to transform the way we work, play and live. But the IoT has matured and grown to the point where […]
Black Duck Targets Open Source Code Security Flaws
Open source platforms and projects offer a wide variety of benefits for organizations and developers, but they also can introduce vulnerabilities if you’re not careful. That’s why Black Duck has released Security Checker, a free tool based on its Hub open source security tool to help you identify those vulnerabilities so your applications will be […]
Alert Logic Cloud Insight brings cloud-based security to your cloud infrastructure
One of the primary driving forces behind DevOps is its fluidity. There is a domino-effect that cascades from the developers who create the apps to the IT admins who deploy and administer the apps to the individuals who download and use the apps and back again. Traditional security can’t keep pace so Alert Logic created […]
Alert Logic lends more agile, cloud-native security to DevOps architects
Amid the avalanche of research and product news emerging from this year’s Black Hat USA 2015 conference, held in Las Vegas this week, at least one vendor is attempting to advance a new solution aimed at empowering DevOps architects to streamline and improve security workflow. Houston-based Alert Logic announced the release of its Cloud Insight […]