Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

February 2024

jit

6 DevSecOps Best Practices that Enable Developers to Deliver Secure Code

Feb 29, 2024 By Aviram Shmueli In Jit
In the realm of software development, DevSecOps has emerged as a transformative approach, merging the agility of DevOps with valuable security measures. As a methodology, DevSecOps is about proactively embedding security into the very fabric of the development process, ensuring that every code commit, feature addition, and software release is scanned and thoroughly reviewed for vulnerabilities.
Read Post
jit

10 Pros and Cons of GCP Security Command Center

Feb 28, 2024 By Shlomi Kushchi In Jit
There is no doubt that Google is one of the most innovative companies. In fact, if you want to find or compare others, you'll likely Google it. From search engines to smartphones, it has shaped our digital lives. And with its cloud solution, Google Cloud Platform (GCP), its impact in the cloud arena is no different. However, no amount of innovation can make GCP attack-proof. The cloud is home to increasingly more threats, and they come with a hefty price tag.
Read Post
jit

6 Security Risks to Consider with WebAssembly

Feb 28, 2024 By Shuki Levy In Jit
Programs and apps are a manifestation of ideas in a digital format. If you can dream it in other languages, WebAssembly can deliver it to the browser. From games ported from Unity to PDF editing on the web and leveraging interactive data from Jupyter and Rust, WebAssembly’s use cases are countless. WebAssembly (Wasm) is gaining traction to deliver high-performance client-side code that often cannot be created or executed by JavaScript, at least not in a performant way.
Read Post
jit

From Developer to Security Experience in a Cloud Native World

Feb 28, 2024 By David Melamed In Jit
We often talk about the disparate experience in the security ecosystem versus the dev-tooling world. Where developer experience has begun taking center stage in the world of dev-first and cloud native, security experience is still quite lacking across the board in our ecosystem. (I would try to coin the term DevSecEx similar to DevSecOps with a focus on DevEx, but it just doesn’t have the same ring.
Read Post
jit

Defining DORA-Like Metrics for Security Engineering

Feb 28, 2024 By The Jit Team In Jit
By implementing security metrics that are as demonstrable as uptime and performance SLAs, DevSecOps leaders can showcase their engineering prowess in security.Measuring security in terms of MTTR, MTTD, Detection rate, Exposure window, as well as velocity, coverage, and uptime, can drive its evolution and development, providing similar automation, observability, and capabilities available in engineering.We encourage you to read this informative article, written by Daniel Koch, our very own VP of engineerin
Read Post
jit

How Jit Builds a Platform Engineering Mindset in the Cloud

Feb 28, 2024 By The Jit Team In Jit
Learn how the whole team at DevSecOps tool Jit is dedicated to cultivating a platform engineering mindset and discipline in the cloud. Our amazing CTO, David Melamed, PhD.‍ How Jit Builds a Platform Engineering Mindset in the Cloud Learn how the whole team at DevSecOps tool Jit is dedicated to cultivating a platform engineering mindset and discipline in the cloud.
Read Post

DataTrails - Chain of Custody for Nuclear Waste Disposal

Feb 26, 2024 By DataTrails In DataTrails
This demo is an example of how DataTrails is used to collect information from different databases and different suppliers to form a single source of truth for the full life cycle of an asset. The video shows how multiple parties can track disposable containers for nuclear waste on the DataTrails transparent platform.
View Video
Snyk

How to build a modern DevSecOps culture: Lessons from Jaguar Land Rover and Asda

Feb 21, 2024 By Brian Piper In Snyk
People, processes, and tooling all impact an organization’s ability to maintain a strong AppSec program. In a recent panel at Black Hat Europe, Snyk spoke with two customers — Jaguar Land Rover (JLR) and Asda — about the unique challenges they face managing development teams, onboarding new security tools, and building a modern DevSecOps program throughout their organizations.
Read Post

DataTrails US DOD Explainable AI Trust Demo

Feb 20, 2024 By DataTrails In DataTrails
DataTrails revolutionizes data integrity and transparency by enabling control over data flows, validating data sources, and constructing mutually accountable records. This approach not only meets the immediate need for secure and trusted data exchange but also lays the groundwork for AI systems to automate sensitive workflows confidently. DataTrails' patented distributed ledger technology underpins AI-driven decision-making, ensuring resilience, explainability, and regulatory compliance.
View Video
Spectral

What is the DevSecOps Maturity Model (DSOMM)?

Feb 15, 2024 By Eyal Katz In Spectral
High-velocity software development today is close to impossible (and most certainly not sustainable) without DevOps. The migration to the public cloud, along with increasing regulatory demands, and other factors made application and code security as vital as DevOps. Thus were born the practices and frameworks of DevSecOps. The value of DevSecOps is evident and clearly understood by technologists.
Read Post
Spectral

7 DevSecOps Principals Every Developer Must Know

Feb 7, 2024 By Eyal Katz In Spectral
DevSecOps – for many, it feels like a magical black box where code and sensitive digital assets go in one end, and a working piece of software comes out the other. Security practices within the development and operational phases can often get lost. Organizations that haven’t adopted DevSecOps see half of their apps at risk of attacks, while those with a DevSecOps-first approach have only 22% at risk. That’s why the core principles of DevSecOps are important.
Read Post
datatrails

Creating DataTrails for Supply Chain Artifacts

Feb 7, 2024 By Steve Lasker In DataTrails
In a world where software is produced, distributed, and re-distributed, how do you ensure the software you consume is authentic and safe for your environment? How do you know the software you deployed yesterday is safe today? Most software exploits are discovered after the software has been deployed, which raises the question: It’s not just about getting software updates, as the majority of exploits are distributed as updates. Staying updated isn’t the most secure.
Read Post
datatrails

Customize your Access Policies with DataTrails

Feb 1, 2024 By DataTrails Team In DataTrails
Signing up with DataTrails comes with the ability to share your audit trails with your business partners, other applications, and your internal team. Access policies control users, apps & organizations’ read & write privileges to provenance data in DataTrails. If you’re using an integration, access policies offer a way to fine-tune these integrations, giving specific permissions to add to and read your records.
Read Post

DevSecOps Security Best Practices

Feb 1, 2024 By JFrog In JFrog
Carmine Acanfora, Solutions Architect at JFrog in the EMEA region, leads this security best practices webinar. In this webinar, we discuss the advanced features of the JFrog Advanced Security solution, now available in self-hosted mode. We will take the time to address your questions, particularly on topics crucial for all developers, such as: Don't miss this opportunity to explore JFrog's latest security solution and learn how to accelerate and secure your software supply chain with the first DevOps-oriented security solution on the market.
View Video

Copyright © 2024 OpsMatters™. All rights reserved.