DevSecOps

10 Pros and Cons of GCP Security Command Center

Feb 28, 2024 By Shlomi Kushchi In Jit

There is no doubt that Google is one of the most innovative companies. In fact, if you want to find or compare others, you'll likely Google it. From search engines to smartphones, it has shaped our digital lives. And with its cloud solution, Google Cloud Platform (GCP), its impact in the cloud arena is no different. However, no amount of innovation can make GCP attack-proof. The cloud is home to increasingly more threats, and they come with a hefty price tag.

Read Post

Jit

Read more about 10 Pros and Cons of GCP Security Command Center

6 Security Risks to Consider with WebAssembly

Feb 28, 2024 By Shuki Levy In Jit

Programs and apps are a manifestation of ideas in a digital format. If you can dream it in other languages, WebAssembly can deliver it to the browser. From games ported from Unity to PDF editing on the web and leveraging interactive data from Jupyter and Rust, WebAssembly’s use cases are countless. WebAssembly (Wasm) is gaining traction to deliver high-performance client-side code that often cannot be created or executed by JavaScript, at least not in a performant way.

Read Post

Jit

Read more about 6 Security Risks to Consider with WebAssembly

From Developer to Security Experience in a Cloud Native World

Feb 28, 2024 By David Melamed In Jit

We often talk about the disparate experience in the security ecosystem versus the dev-tooling world. Where developer experience has begun taking center stage in the world of dev-first and cloud native, security experience is still quite lacking across the board in our ecosystem. (I would try to coin the term DevSecEx similar to DevSecOps with a focus on DevEx, but it just doesn’t have the same ring.

Read Post

Jit

Read more about From Developer to Security Experience in a Cloud Native World

Open Policy Agent as a Control Engine - DevSecOps Conf 2022 Recap

Feb 28, 2024 By David Melamed In Jit

JIT’s own CTO & Co-founder, David Melamed, had the opportunity to participate in KubeDaily’s DevSecOps Conf 2022 this weekend in partnership with Docker Bangalore and the CNCF, with a really great talk on Open Policy Agent as a Control Engine.

Read Post

Jit

Read more about Open Policy Agent as a Control Engine - DevSecOps Conf 2022 Recap

DataTrails - Chain of Custody for Nuclear Waste Disposal

Feb 26, 2024 By DataTrails In DataTrails

This demo is an example of how DataTrails is used to collect information from different databases and different suppliers to form a single source of truth for the full life cycle of an asset. The video shows how multiple parties can track disposable containers for nuclear waste on the DataTrails transparent platform.

View Video

DataTrails

Read more about DataTrails - Chain of Custody for Nuclear Waste Disposal

How to build a modern DevSecOps culture: Lessons from Jaguar Land Rover and Asda

Feb 21, 2024 By Brian Piper In Snyk

People, processes, and tooling all impact an organization’s ability to maintain a strong AppSec program. In a recent panel at Black Hat Europe, Snyk spoke with two customers — Jaguar Land Rover (JLR) and Asda — about the unique challenges they face managing development teams, onboarding new security tools, and building a modern DevSecOps program throughout their organizations.

Read Post

Snyk

Read more about How to build a modern DevSecOps culture: Lessons from Jaguar Land Rover and Asda

DataTrails US DOD Explainable AI Trust Demo

Feb 20, 2024 By DataTrails In DataTrails

DataTrails revolutionizes data integrity and transparency by enabling control over data flows, validating data sources, and constructing mutually accountable records. This approach not only meets the immediate need for secure and trusted data exchange but also lays the groundwork for AI systems to automate sensitive workflows confidently. DataTrails' patented distributed ledger technology underpins AI-driven decision-making, ensuring resilience, explainability, and regulatory compliance.

View Video

DataTrails

Read more about DataTrails US DOD Explainable AI Trust Demo

What is the DevSecOps Maturity Model (DSOMM)?

Feb 15, 2024 By Eyal Katz In Spectral

High-velocity software development today is close to impossible (and most certainly not sustainable) without DevOps. The migration to the public cloud, along with increasing regulatory demands, and other factors made application and code security as vital as DevOps. Thus were born the practices and frameworks of DevSecOps. The value of DevSecOps is evident and clearly understood by technologists.

Read Post

Spectral

Read more about What is the DevSecOps Maturity Model (DSOMM)?

DevSecOps best practices

Feb 13, 2024 By Steven Zimmerman In Synopsys

There is a need for a new approach to AppSec—one that handles business risk without obstructing company growth, eliminates the tradeoff between speed and security, and fulfills the DevSecOps promise. Here are four DevSecOps best practices to help your organization realize this vision with an efficient, effective DevSecOps strategy.

Read Post

Synopsys

Read more about DevSecOps best practices

Creating DataTrails for Supply Chain Artifacts

Feb 7, 2024 By Steve Lasker In DataTrails

In a world where software is produced, distributed, and re-distributed, how do you ensure the software you consume is authentic and safe for your environment? How do you know the software you deployed yesterday is safe today? Most software exploits are discovered after the software has been deployed, which raises the question: It’s not just about getting software updates, as the majority of exploits are distributed as updates. Staying updated isn’t the most secure.

Read Post