Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

DevSecOps

RKVST - the Archivist of the modern internet

RKVST (pronounced Archivist) is an evidence platform that delivers a reliable chain of custody for supply chain data. It proves and verifies who did what, and when, to any asset in the supply chain, and that record can then be shared with supply chain partners. Jon Geater, Chief Product Officer, talks about RKVST at InfoSecurity Europe, London, June 2022.

Manufacturing Overtakes Financial Services As The Sector With Fewest Software Security Flaws

72 percent of applications contain vulnerabilities, and 12 percent are considered 'high severity' - the lowest of all industries analyzed. Sector still has room for improvement, with some of the lowest and slowest fix rates, especially for open-source flaws.

AppSec Decoded: DevSecOps in a post-pandemic world | Synopsys

In this episode of AppSec Decoded, recorded live at RSA 2022 in San Francisco, cybersecurity experts Natasha Gupta, security solutions manager at Synopsys, and Taylor Armerding, security advocate at Synopsys, discuss pandemic-accelerated improvements in DevSecOps.

Common Goals are Essential for Successful DevSecOps

At the heart of a successful vulnerability management program is alignment between development, security, and operations teams (dubbed DevSecOps) so that they can achieve both innovation and security when delivering products—the ultimate end game. This requires having a common set of goals. Without them, or if teams don’t communicate well or collaborate, any DevSecOps initiative will be for naught.

2022 Snyk Customer Value Study highlights: The impact of developer-first security

Developer-centric security movements have dominated discussions in software development over recent years. The concepts are clear — integrate security early and find issues faster. But how does an organization measure the success of its developer security program?

What is DevOps and how has it evolved into DevSecOps

Let's first take a look at what DevOps (Developer Operations) is so we can better understand why it has now evolved into DevSecOps (Developer Security Operations). DevOps is a combination of philosophies, practices, and tools that increases a business's ability to deliver better development in less time (higher velocity). This can be applied to building a new product or to the process of continuous improvement that applies to most products we see today.

Cloud-Native Application Platform (CNAPP): Bridging the GAP for DevSecOps

As businesses move their applications, workloads and critical data to the cloud, it becomes more important to rethink how to protect those resources and how to manage those protections. Unfortunately, organizations race to adopt cloud workload protection tooling without considering the bigger picture of how all cloud security controls must work together across all layers of their technology stack, especially the application layer. As a result, they often end up with different security solutions and controls working in silos, which leads to a lack of visibility, a lack of security consistency and security gaps.

[Webinar] DevSecOps - A DevSecOps Maturity Model for Secrets Management

Listen to experts from KuppingerCole Analysts and GitGuardian as they discuss security vulnerabilities in DevOps environments, which are often due to a lack of visibility and control of widely distributed secrets such as API keys, database passwords, cloud access keys, certificates, SSH keys, and service account passwords, leaving millions of credentials exposed.