
June 2022

Collecting Data and Making Data-Driven Decisions From Day One

Defining a product is one of the most essential missions of a company. As a product manager in a startup, this is the hardest and most valuable task. In this post, I want to highlight the importance of having data as your best friend from the start, and how it can be collected in the early days of a startup.

Prioritization Changes the Game in DevSecOps

This is the third installment in a series about making DevSecOps work in your organization. We’ve looked at the first two pillars of the DevSecOps model—discovery and validation. In this post we examine the third—prioritization. Discovery enables security and development teams to identify software vulnerabilities, and validation allows them to determine which of these flaws present actual security risks and which do not.

Finding the Time to Compete: Getting an Edge out of DevSecOps

The software development process is one with strict deadlines. The pace of innovation does not slow down. Because of this, developers often find themselves frustrated as they try to ensure that the product they’re producing delivers on customer expectations while also limiting vulnerabilities. The balancing act between product security and meeting the needs of a time crunch can lead to a product being rushed to market, leaving it exposed to unpatched vulnerabilities.

How to Start Your Journey as a Product Owner

The gap between Product Managers (PM) and R&D managers has existed since the beginning of the software industry. The PM wants to create the perfect product for their users, add shiny new features all the time, and support as many types of users as possible – while still maintaining a product that is well suited to them. PMs want to move fast. Devs, on the other hand, want to close tech debt, maintain a stable, secure, and robust system, and test every change extensively.

Vulnerability Validation Increases Efficiency in DevSecOps

This is the second installment in a series about making DevSecOps work in your organization. In a previous post, we covered the first pillar of the DevSecOps model—discovery. In this post we discuss the second, which is validation. The reason this phase is so important to the DevSecOps model and for successful vulnerability management is that it’s the point where the software flaws that represent true risks are separated out from those that are not serious security risks.

Monitoring in Post Production

Our lives revolve around measuring things on a daily basis: we compare today with yesterday, one resource with another, and a bevy of other factors. On average, a person makes about 35,000 decisions a day, and many of these require comparison tools to make the right decision. Technological advances today are faster than ever, and as a result, devices and other assets are rapidly improving.

What's Next for Log4j? Tales From the Trenches Panel

The recently discovered flaw in Apache’s Log4j software continues to stress security teams and put many organizations at risk. Because Log4j is often nested deep inside packaged files, many scanners fail to detect it. Rezilion researchers conducted a survey using multiple open source and commercial scanning tools and assessed the tools against a dataset of packaged Java files where Log4j was nested and packaged in various formats. While no scanner was able to detect Log4j in all formats initially, several scanner makers were quick to respond and update their technology to find the bug.

The SBOM of the Future Must Be Dynamic

Companies are increasingly turning to a Software Bill of Materials (SBOM) to provide them with information about what is in their individual software environment. SBOMs have already shown promising results. In a study from the Linux Foundation, over 44% of respondents said that an SBOM improves some aspects of their development processes.

The Log4j Vulnerability is Still Out There: How a Dynamic SBOM Helps You Find It

Despite the time that’s passed between its discovery and today, Log4Shell continues to plague the tech industry. The number of downloads of exploitable Log4j packages has remained consistent, and because the library nests itself deep in files, current tools often have difficulty finding the vulnerable component. A recent report from Rezilion finds that almost 60% of packages affected by the vulnerability remained untouched, and over 90,000 publicly facing servers are still running obsolete versions of Log4j.

Cybernews Q&A with Rezilion CEO Liran Tancman

By Cybernews Team

Every company these days either develops or purchases software to help them run more efficiently. Everything is powered by software, from infrastructure and commerce to financial systems and healthcare. Having said that, the threat landscape is also constantly shifting with the software. Hence, companies need to understand the sources of software vulnerabilities and act on them. That involves acquiring quality security tools and various DevSecOps solutions.

Discovery: The First Critical Pillar in a Successful DevSecOps Program

This is the first installment in a series about making DevSecOps work in your organization. The DevSecOps model, a key to enhancing software security at all phases of the development lifecycle, includes four pillars: discovery, validation, prioritization and remediation. These are vital for eliminating vulnerabilities from software products in a way that does not overly tax development and security team resources or lead to higher costs, greater friction and reduced productivity.

TAG Cyber: Dynamic SBOMs Help Secure the Software Attack Surface

Software attack surface management (SASM) provides an effective way to secure software throughout an organization’s software development life cycle (SDLC). Rezilion’s dynamic software bill of materials (Dynamic SBOM) effectively implements SASM for practical enterprise environments, according to a new report from cybersecurity research and advisory firm TAG Cyber.

Case Study: The Compatibility Challenge of Using Outside Software in Product Development

Whoever you are, whether you’re a developer who intends to contribute to a project or a researcher who seeks to reveal how a project works, consider this: when facing a large codebase, understanding how the project’s package dependency resolution works is one of the most important, and most often skipped, steps.

How to Protect the Security of Your Supply Chain as the Attack Surface Expands

The security of software supply chains is a growing issue for organizations as users, applications, and data become more hyperconnected, creating a widening attack surface, and thus, increasing risk. While zero trust architectures are being used in an attempt to thwart attacks, a new study by ESG and Illumio finds that almost half (47%) don’t believe they will be breached.

Here's What You Need to Know About the Confluence Vulnerability

By: Yotam Perkal, Director of Vulnerability Research, Rezilion

Cybersecurity firm Volexity has recently uncovered a zero-day vulnerability affecting all supported versions of Confluence Server and Confluence Data Center. The vulnerability, CVE-2022-26134, was identified during an incident response investigation of a couple of Internet-facing web servers running Atlassian Confluence Server software. On both hosts, suspicious JSP web shells were observed being written to disk.

Rezilion Named Winner of Coveted Global InfoSec Awards during RSA Conference 2022

Rezilion Wins Most Innovative DevSecOps, Cutting Edge in SCA, Hot Company SDLC, Next-Gen in Vulnerability Management in 10th Annual Global InfoSec Awards at #RSAC 2022

Rezilion, an autonomous DevSecOps platform that helps organizations take control of their actual attack surface, is proud to announce that we have won the following four awards from Cyber Defense Magazine (CDM), the industry’s leading electronic information security magazine.

Developers and Security Teams Need Their Time Back

Software development and security professionals might find themselves frequently at odds with each other over a variety of issues, such as how much security control is needed in the development process. But one thing they agree on is that there isn’t enough time to accomplish all they want to meet their goals and responsibilities. This sense of urgency is to a large degree a component of the digital age.