Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

April 2020

mend

Observability: What You Need to Know

Apr 30, 2020 By Ayala Goldstein In Mend

Observability has recently become quite the buzzword, populating headlines in DevOps and IT publications. Industry experts like Charity Majors, CTO and co-founder of Honeycomb, and Cindy Sridharan, to name a few, have been spreading the word about the importance of observability, making it clear that it’s more than just a passing trend, it’s an approach that DevOps organizations need to adopt.

Read Post
mend

Copy and Paste Code: How to Lose Your Job Using Open Source Code

Apr 23, 2020 By Julie Peterson In Mend

Have you ever wondered whether it’s ok to copy and paste code from an open source project? If you have, you’re not alone. A quick look around several developer websites shows a number of variations on this age-old question. It is never ok to copy and paste code from an open source project directly into your proprietary code. Don’t do it. Just don’t. Even if you’re on a tight deadline. Even if it’s only one loop.

Read Post

Securing Container-Based Applications at the Speed of DevOps

Apr 19, 2020 By Mend In Mend
Thanks to containerization and automation, applications are being developed and delivered faster than ever. With tools such as AWS ECR, developers are able to store, manage and deploy Docker container images without having to worry about operating their own container repositories or scaling the underlying infrastructure. With this, however, arise challenges around managing the security and compliance aspect of your container images. With tools such as WhiteSource, developers are able to manage the security of their containers and container images with no impact on agility and speed.
View Video

Whose vulnerability is it anyway?

Apr 19, 2020 By Mend In Mend
Application security is a top priority today for companies that are developing software. However, it is also becoming more challenging and complex as release frequency continues to rise, more open source components are adopted, and the requirements for data security are getting stricter. Thanks to new DevOps practices and tools, development cycles are getting shorter, allowing organizations to meet market demands and deliver a superior customer experience, but is application security keeping up?
View Video

Lessons Learnt By An Agent Of Chaos From DevOps

Apr 19, 2020 By Mend In Mend
Is your organization ready to embrace a DevOps mindset? Receive a pragmatic view from an agent of chaos, who’s promoting the goal for a single continuous integration and delivery pipeline, shifting testing, security, code reviews, and other opportunities to improve information sharing and quality to the left, shifting configuration to the right, and most importantly, aiming to delight users with constant value.
View Video

The State of Open Source Security Management RSA 2019

Apr 19, 2020 By Mend In Mend
It is no secret - open source has become the main building block in modern applications, and it is almost impossible to develop software at today's pace without it. However, as the open source community grows, and the number of reported vulnerabilities keeps climbing, manually verifying the security and compliance of open source components can no longer provide the necessary control over the security of these components.
View Video

Panel Open Source Security - Weighing the Pros and Cons

Apr 19, 2020 By Mend In Mend
Over the past few years, open source has grown in popularity especially among developers using open source code in their application development efforts. In the security space, however, open source hasn’t been as widely embraced, mostly because of concerns over vulnerabilities. But is open source software really less secure?
View Video

Panel Discussion: Forrester's Latest Wave Report on Software Composition Analysis 2019

Apr 19, 2020 By Mend In Mend
Last week The Forrester Wave™: Software Composition Analysis, Q2 2019 was published. We took part in MediaOps panel discussion to discuss the results of the report and which SCA vendors are right for software development and security teams and their needs.
View Video

Demystifying PCI Software Security Framework: All You Need to Know for Your AppSec Strategy

Apr 16, 2020 By Mend In Mend
The Payment Card Industry (PCI) Security Standards Council recently released a new security framework to replace the previous standard (PCI PA-DSS). The new framework is set to better address the changes that the software development industry has seen in the past few years. Agile and DevOps methodologies, cloud and containerized environments and widespread open source usage have become the new normal and with this, present new AppSec challenges. To ensure that users of payment apps remain safe, the new framework aims to lay a substantial value on continuous application security.
View Video

Whitesource and CircleCI Orbs: Secure your CI/CD Pipelines from Start to Finish

Apr 16, 2020 By Mend In Mend
Open source software components play an important role by providing us with the building blocks of our products. However, even as we enjoy the benefits of open source components, they are not without their challenges, especially when it comes to security vulnerabilities.
View Video
mend

Open Source Analysis Extends Your Visibility

Apr 16, 2020 By Julie Peterson In Mend

When we think of open source analysis, security is often the first thing that comes to mind. But open source analysis is so much more than just security. It gives you visibility into your codebase to help you understand and manage your open source components. In this blog, we’ll define open source analysis, look at why it’s important to your business, and describe the characteristics of an effective open source analysis framework.

Read Post

Predict 2020 - Developers Do Security

Apr 16, 2020 By Mend In Mend
Amid all the talk of shifting left, mingling the DevOps and Security tribes and how can we do code better, faster and with more quality a funny thing happened. Security vendors are developing security tools for devs and DevOps. The security team still pays for them, but they won't buy them without Dev and DevOps buy in. What does this mean for 2020? Will we see better "quality (codeword for security)" in our apps? What should security teams be doing to make this happen? What should Devs and DevOps teams do to adopt these new developer-friendly tools? Is 2020 the year DevSecOps makes a difference?
View Video

How SAP Integrates License Compliance & Security Into Their DevOps Pipeline

Apr 16, 2020 By Mend In Mend
Gone are the days where open source components were only used by individual developers, start-ups or small corporations. Today, even the biggest corporate giants have realized the numerous benefits open source usage brings, thereby openly embracing this as part of their software to help them focus their efforts and push more code out of the door faster.
View Video

Panel Discussion: Cloud Security - Keeping Serverless Data Safe

Apr 16, 2020 By Mend In Mend
The push to the cloud has introduced a previously unknown level of agility to many organizations, but sometimes at the expense of data security. Human error often is the cause of cloud security blunders, putting sensitive data at risk and causing real damage to companies in terms of financial liability and loss of reputation. This webinar discusses some of the more overlooked aspects of cloud security and offers up some best practices for ensuring data in the cloud is truly secure.
View Video

Copyright © 2024 OpsMatters™. All rights reserved.