Latest News

From Developer to Security Experience in a Cloud Native World

We often talk about the disparate experience in the security ecosystem versus the dev-tooling world. Where developer experience has begun taking center stage in the world of dev-first and cloud native, security experience is still quite lacking across the board in our ecosystem. (I would try to coin the term DevSecEx similar to DevSecOps with a focus on DevEx, but it just doesn’t have the same ring.)

Defining DORA-Like Metrics for Security Engineering

By implementing security metrics that are as demonstrable as uptime and performance SLAs, DevSecOps leaders can showcase their engineering prowess in security. Measuring security in terms of MTTR, MTTD, detection rate, exposure window, as well as velocity, coverage, and uptime, can drive its evolution and development, providing similar automation, observability, and capabilities available in engineering. We encourage you to read this informative article, written by Daniel Koch, our very own VP of engineerin

How to build a modern DevSecOps culture: Lessons from Jaguar Land Rover and Asda

People, processes, and tooling all impact an organization’s ability to maintain a strong AppSec program. In a recent panel at Black Hat Europe, Snyk spoke with two customers — Jaguar Land Rover (JLR) and Asda — about the unique challenges they face managing development teams, onboarding new security tools, and building a modern DevSecOps program throughout their organizations.

What is the DevSecOps Maturity Model (DSOMM)?

High-velocity software development today is close to impossible (and most certainly not sustainable) without DevOps. The migration to the public cloud, along with increasing regulatory demands, and other factors made application and code security as vital as DevOps. Thus were born the practices and frameworks of DevSecOps. The value of DevSecOps is evident and clearly understood by technologists.

7 DevSecOps Principles Every Developer Must Know

DevSecOps – for many, it feels like a magical black box where code and sensitive digital assets go in one end, and a working piece of software comes out the other. Security practices within the development and operational phases can often get lost. Organizations that haven’t adopted DevSecOps see half of their apps at risk of attacks, while those with a DevSecOps-first approach have only 22% at risk. That’s why the core principles of DevSecOps are important.

Creating DataTrails for Supply Chain Artifacts

In a world where software is produced, distributed, and re-distributed, how do you ensure the software you consume is authentic and safe for your environment? How do you know the software you deployed yesterday is safe today? Most software exploits are discovered after the software has been deployed, which raises the question: It’s not just about getting software updates, as the majority of exploits are distributed as updates. Staying updated isn’t the most secure.

Customize your Access Policies with DataTrails

Signing up with DataTrails comes with the ability to share your audit trails with your business partners, other applications, and your internal team. Access policies control users, apps & organizations’ read & write privileges to provenance data in DataTrails. If you’re using an integration, access policies offer a way to fine-tune these integrations, giving specific permissions to add to and read your records.