DevSecOps

Why DevSecOps Teams Need Secrets Management

Jan 26, 2023 By Teresa Rothaar In Keeper

Proper IT secrets management is essential to protecting your organization from cyberthreats, particularly in DevOps environments, where common CI/CD pipeline tools such as Jenkins, Ansible, Github Actions, and Azure DevOps use secrets to access databases, SSH servers, HTTPs services and other highly sensitive systems.

Read Post

Keeper

Read more about Why DevSecOps Teams Need Secrets Management

RKVST launches new public attestation service for supply chain operations

Jan 18, 2023 By DataTrails In DataTrails

Expansion of RKVST supply chain evidence management platform includes multi-tenancy, verified domain name and batch transactions, for easy-to-deploy supply chain visibility, provenance and governance.

Read Post

DataTrails

Read more about RKVST launches new public attestation service for supply chain operations

Turning raw data into golden evidence: the magical power of attestation

Jan 18, 2023 By Jon Geater In DataTrails

There are already so many words and concepts in information security: why do we need another one? And indeed ‘attestation’ is already used in several industry contexts with many subtly different meanings: what do we gain by overloading it?

Read Post

DataTrails

Read more about Turning raw data into golden evidence: the magical power of attestation

Veracode Research Reveals Steps to Reduce Introduction and Accumulation of Security Flaws as Apps Grow and Age

Jan 11, 2023 By Veracode In Veracode

Over 30 Percent of Applications Contain Flaws at First Scan; By Five Years, Nearly 70 Percent of Apps Have At Least One Flaw Scanning via API, Hands-on Security Training, and Scan Frequency Identified as Key Factors to Reduce Flaw Introduction Over Time.

Read Post

Veracode

Read more about Veracode Research Reveals Steps to Reduce Introduction and Accumulation of Security Flaws as Apps Grow and Age

Getting IaC to work for DevSecOps

Dec 15, 2022 By AlgoSec In AlgoSec

Prof. Avishai Wool, AlgoSec Co-Founder and CTO, provides his unique perspective on the value of IaC to DevSecOps and how it can anable organizations to deploy applications faster and avoid risky configuration mistakes early in the game.

View Video

AlgoSec

Read more about Getting IaC to work for DevSecOps

Ridgeline Founder Stories: Rusty Cumpston and Jon Geater of RKVST aim to weave trust into digital supply chains

Dec 9, 2022 By RKVST In DataTrails

Rusty Cumpston and Jon Geater saw an opportunity to solve a huge supply chain trust problem and were inspired to build RKVST (pronounced as “archivist”), a platform aiming to bring integrity, transparency, and trust to digital supply chains. RKVST enables all partners in the supply chain to collaborate and work with a single source of truth, which can be helpful for tracking nuclear waste, storing historical flight data to optimize aircraft flight plans, and much more.

Read Post

DataTrails

Read more about Ridgeline Founder Stories: Rusty Cumpston and Jon Geater of RKVST aim to weave trust into digital supply chains

In Modern AppSec, DevSecOps Demands Cultural Change

Dec 9, 2022 By Carol Hildebrand In Mend

This is the final of a six-part blog series that highlights findings from a new Mend white paper, Five Principles of Modern Application Security Programs. When thinking of adjectives to describe cyberattackers, it’s doubtful that many people would choose to call them innovative – a term we’re more likely to ascribe to things we enjoy. But the reality is that adversaries are innovative, constantly finding new ways to launch attacks that result in greater rewards for less effort.

Read Post

Mend

Read more about In Modern AppSec, DevSecOps Demands Cultural Change

Why tool consolidation matters for developer security

Dec 6, 2022 By Daniel Berman In Snyk

With threats to cloud native applications rising, security leaders feel more pressure than ever to counter an ever-changing risk landscape. But thanks to a rapidly expanding security solutions market, many respond to these growing demands by adding more products. With so many new tools arising to tackle security challenges, it sometimes seems like the right answer is always “one tool out of reach”.

Read Post

Snyk

Read more about Why tool consolidation matters for developer security

DevSecOps: The What, Why, Who, and How

Nov 30, 2022 By Todd DeCapua In Splunk

By way of a brief introduction, I have had a 25+ year career in technology, and this has come with some wonderful experiences and opportunities along the way. One constant throughout my journey has been a need to increasingly leverage data, enabling informed decisions (even automated) at all levels to ensure: secure, high performing and observable products and services are available to the customers and partners I’ve been supporting.

Read Post

Splunk

Read more about DevSecOps: The What, Why, Who, and How

What is DevSecOps: A Comprehensive Guide

Nov 29, 2022 By Emily Heaslip In Nightfall

The rise of cloud, containers, and microservices has shifted the way software developers work for good. Whereas traditionally, software developers would release a new version of an application every few months, today’s platforms allow teams to work faster and more streamlined. These advancements have led to the rise of “software, safer, sooner” — also known as DevSecOps.

Read Post