DevSecOps

Secure software development lifecycle (SDLC) Best Practices

Jun 27, 2022 By Editor In Cyphere

With all the remote works, online businesses, and digital lifestyle, applications (software) have become an integral part of our lives. In contrast, the growing rate of data breaches and cyber-attacks exploiting minor glitches in application functionality has diverted attention to application security which is still underrated in the era of phenomenal technological advancement.

Read Post

Cyphere

Read more about Secure software development lifecycle (SDLC) Best Practices

DevSecOps 101: Presenting Pyrsia

Jun 27, 2022 By JFrog In JFrog

Hear about Pyrsia, the Decentralized Package Network. JFrog Solutions Engineering Manager William Manning will be interviewing JFrog Development Manager Sudhindra Rao on this new community initiative. Pyrsia enables developers to quickly and easily leverage any package with confidence and transparency.

View Video

JFrog

Read more about DevSecOps 101: Presenting Pyrsia

Vulnerability Validation Increases Efficiency in DevSecOps

Jun 24, 2022 By Rezilion In Rezilion

This is the second installment in a series about making DevSecOps work in your organization. In a previous post, we covered the first pillar of the DevSecOps model—discovery. In this post we discuss the second, which is validation. The reason this phase is so important to the DevSecOps model and for successful vulnerability management is that it’s the point where the software flaws that represent true risks are separated out from those that are not serious security risks.

Read Post

Rezilion

Read more about Vulnerability Validation Increases Efficiency in DevSecOps

Secure Your Code, Then Ship It!

Jun 23, 2022 By Rezilion In Rezilion

View this on-demand webinar and learn.

View Video

Rezilion

Read more about Secure Your Code, Then Ship It!

What's Next for Log4j? Tales From the Trenches Panel

Jun 23, 2022 By Rezilion In Rezilion

The recently discovered flaw in Apache’s Log4j software continues to stress security teams and put many organizations at risk. Because Log4j is very difficult to detect, many scanners may not detect it. Rezilion researchers conducted a survey using multiple open source and commercial scanning tools and assessed the tools against a dataset of packaged Java files where Log4j was nested and packaged in various formats. While no scanner was able to detect Log4j in all formats initially, several scanner makers were quick to respond and update their technology to find the bug.

View Video

Rezilion

Read more about What's Next for Log4j? Tales From the Trenches Panel

Log4j: What's Your Scanner Missing

Jun 23, 2022 By Rezilion In Rezilion

View Video

Rezilion

Read more about Log4j: What's Your Scanner Missing

Device Authority and Intercede distribute SBOMs using RKVST SBOM Hub

Jun 21, 2022 By DataTrails In DataTrails

RKVST SBOM Hub makes it easy to build supply chain transparency with zero trust fabric.

Read Post

DataTrails

Read more about Device Authority and Intercede distribute SBOMs using RKVST SBOM Hub

Discovery: The First Critical Pillar in a Successful DevSecOps Program

Jun 14, 2022 By Rezilion In Rezilion

This is the first installment in a series about making DevSecOps work in your organization. The DevSecOps model, a key to enhancing software security at all phases of the development lifecycle, includes four pillars: Discovery, validation, prioritization and remediation. These are vital for eliminating vulnerabilities from software products, in a way that does not overly tax development and security team resources or lead to higher costs, greater friction and reduced productivity.

Read Post

Rezilion

Read more about Discovery: The First Critical Pillar in a Successful DevSecOps Program

DevSecOps deploy and operate processes

Jun 13, 2022 By Keith Thomas In AT&T Cybersecurity

In the previous article, we covered the release process and how to secure the parts and components of the process. The deploy and operate processes are where developers, IT, and security meet in a coordinated handoff for sending an application into production.

Read Post

AT&T Cybersecurity

Read more about DevSecOps deploy and operate processes

Mend Explainer

May 25, 2022 By Mend In Mend

Mend, formerly known as WhiteSource, effortlessly secures what developers create. Mend uniquely removes the burden of application security, allowing development teams to deliver quality, secure code, faster. With a proven track record of successfully meeting complex and large-scale application security needs, the world’s most demanding software developers rely on Mend. The company has more than 1,000 customers, including 25 percent of the Fortune 100, and manages Renovate, the open source automated dependency update project.

View Video