Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

After implementing a DevSecOps strategy from the ground up — including secure design, testing and monitoring, and risk-based remediation — you will need to focus on analysis and governance. After all, organizations need to regularly measure and refine their security processes to mature their DevSecOps programs.

In agile and DevOps-driven environments, APIs are frequently updated to meet evolving business demands, from adding new features to addressing performance issues. However, each deployment introduces potential security risks, as new code, configurations, and endpoints can expose vulnerabilities. In an environment of continuous integration and continuous deployment (CI/CD), the security of an organization’s APIs hinges on rigorous, continuous testing and proactive risk management.

Estee Robinson leads global alliances for Devo and is responsible for defining and executing Devo’s channel strategy. She was named a 2025 Channel Chief by CRN, which recognizes influential leaders who drive the channel agenda and evangelize the importance of channel partnerships. Estee’s work on channel strategy helped land Devo in the CRN Partner Program Guide and inclusions in the CRN Cloud 100 and Security 100 lists for 2025.

Success in threat hunting is vastly different from incident response. Incident responders can measure success in criteria like ticket volume, mean time to close, or escalations. For threat hunting, the number of hunts vs. incidents is not comparable because hunts take longer, and the average time to complete a hunt can vary wildly. More importantly, most hunts will not result in incidents. We can’t use the same metrics! Our critical metrics of success are our outputs/deliverables and documentation.

Blockchain innovation is accelerating, offering new opportunities for developers to create secure applications. However, integrating blockchain infrastructure is getting increasingly complex. With more fragmentation, developers often have to juggle multiple tools, workarounds, and technical intricacies to manage network data, retrieve asset properties, and execute transactions effectively. This slows down innovation, increases operational overhead, and diverts focus from building great products.

At Denver's SnowFROC, security pros tackled the importance of OWASP’s evolving Top 10 and exposed the current shortcomings of AI-generated code for production systems.

Fraud is built on deception, and third-party fraud is no exception. In this type of fraud, attackers use stolen or synthetic identities to impersonate legitimate customers and gain unauthorized access to accounts, services, or funds. By exploiting the trust between businesses and their customers, fraudsters bypass traditional security measures, making third-party fraud a growing threat in an era of automated attacks and large-scale data breaches.

Let’s catch up on the more interesting vulnerability disclosures and cyber security news gathered from articles across the web this week. This is what we have been reading about on our coffee break! When a company goes under data theft is a concern, but when one has highly sensitive information…

When you type a familiar website address in your web browser, you expect to land on a particular webpage, but what if you are redirected to a fake website designed to steal your sensitive data? Cyber attackers trick your internet settings into sending you to fake websites instead of the real ones. This is called a DNS spoofing or poisoning attack which exploits vulnerabilities in the Domain Name System (DNS) to compromise the entire network.

Traditional on-premises identity management solutions are no longer adequate to support small and midsize organizations. Moreover, modern Cloud alternatives have significantly eased the complexity and inefficiencies of premises-based identity management.