With DevOps teams moving at ever greater speed, it’s vital for security teams to be deeply involved at all stages of the software development and delivery lifecycle. Breaking down silos between development, operations, and security teams ensures that security considerations are not overlooked, that vulnerabilities are caught early, and that security checkpoints do not slow down the delivery process.

Ecommerce is a popular business model. Many people are getting into this business and looking for ways to secure early retirement from typical 9 to 5 jobs. With the right ideas and execution, there is a good chance that this will happen, but making it in eCommerce isn’t that easy as it was in the past. Yes, there are more options than ever in terms of delivery, logistics, storage, and creating an online store.

There’s no doubt that an analyst’s ability to efficiently share curated threat intelligence has a significant impact on the success of their organization’s overall security operations. In fact, this capability is so important that removing barriers to sharing threat information is the first requirement outlined in the Executive Order issued by the White House on May 12, 2021.

When introducing Open Policy Agent (OPA) to application developers and platform engineers, I normally end my presentation with a bulleted list detailing what I think are the best steps to take to start learning OPA and its declarative policy language, Rego.

If you’re doing open source development today, chances are high that you’re active within the GitHub community — participating in open source projects and their repositories. A recent addition to the GitHub ecosystem is GitHub Packages, which was announced back in 2019 and is now receiving even more updates with the general availability of the GitHub Packages container registry.

Over the last year, we’ve published a number of blogs talking about NewEdge, the network or infrastructure upon which we deliver the Netskope Security Cloud services, and comparing it to other approaches cloud security vendors have taken.

Leading American video game company Electronic Arts (EA) recently disclosed a breach that resulted in the theft of hundreds of gigabytes of data. The exfiltrated information included source code and software that power popular games like FIFA and Battlefield. What’s notable about this attack is that the attackers gained access to EA’s infrastructure through stolen Slack cookies that contained cached employee login credentials.

There are multitudes of advantages that the cloud has to offer to companies. These include making the task of security management more accessible. However, there are still many gray areas associated with the cloud and its implications for an organization’s overall security.

GLBA compliance isn’t something to take lightly. These measures are strictly enforced by the Federal Trade Commission (FTC). In 2018, for instance, Venmo and its parent company PayPal reached a settlement after complaints about the company’s handling of privacy disclosures. The peer-to-peer payment app had 150 days to adhere to GLBA compliance, or it faced fines of up $41,484 per violation.

In Kubernetes, the task of scheduling pods to specific nodes in the cluster is handled by the kube-scheduler. The default behavior of this component is to filter nodes based on the resource requests and limits of each container in the created pod. Feasible nodes are then scored to find the best candidate for the pod placement. In many scenarios, scheduling pods based on resource constraints is a desired behavior.