SBOMs are the answer! Now what was the question?

Last year the Log4j vulnerability perfectly illustrated how properly shared SBOMs would have helped users find and mitigate the “vulnerability of the decade”. And over the last few days we’ve been worried that we’re in the same place with OpenSSL 3.x. Why will this keep on happening? A lot has happened since The White House issued Executive Order 14028.

Bridging the trust gap in connected supply chains

In these ultra-connected times we increasingly need to share data between organizations. But how can you trust data that’s been generated outside your boundary walls, by another organization or a machine? That’s the trust gap, and that’s where RKVST comes in. Instead of bridging that gap with manual processes, verifying and auditing every document, RKVST takes that same risk management approach but automates it so you can trust the data, documents and supply chain information at scale.

How zero trust helps reduce risk in connected supply chains

What is zero trust, and how does a zero trust approach help reduce risk in connected supply chain decision making? Find out how RKVST helps automate the tracking and sharing of supply chain evidence you can rely on, by integrating with the tools businesses already use today. Jon Geater and Rob Brown from RKVST discuss zero trust at InfoSecurity Europe, London, June 2022.

RKVST - the Archivist of the modern internet

RKVST (pronounced Archivist) is an evidence platform that delivers a reliable chain of custody for supply chain data. It proves and verifies who did what when to any asset in the supply chain, which can then be shared with supply chain partners. Jon Geater, Chief Product Officer, talks about RKVST at InfoSecurity Europe, London, June 2022.

Manufacturing Overtakes Financial Services As The Sector With Fewest Software Security Flaws

72 percent of applications contain vulnerabilities, and 12 percent are considered 'high severity' - the lowest of all industries analyzed. Sector still has room for improvement, with some of the lowest and slowest fix rates, especially for open-source flaws.

2022 Snyk Customer Value Study highlights: The impact of developer-first security

Developer-centric security movements have dominated discussions in software development over recent years. The concepts are clear — integrate security early and find issues faster. But how does an organization measure the success of its developer security program?

Cloud-Native Application Platform (CNAPP): Bridging the GAP for DevSecOps

As businesses move their applications, workloads and critical data to the cloud, it becomes more important to rethink how to protect those resources and how to manage those protections. Unfortunately, organizations race to adopt cloud workload protection tooling without considering the bigger picture of how all cloud security controls must work together across all layers of their technology stack, especially the application layer. As a result, they often end up with different security solutions and controls working in silos, which leads to a lack of visibility, a lack of security consistency and security gaps.

[Webinar] DevSecOps - A DevSecOps Maturity Model for Secrets Management

Listen to experts from KuppingerCole Analysts and GitGuardian as they discuss security vulnerabilities in DevOps environments, which are often due to a lack of visibility and control of widely distributed secrets such as API keys, database passwords, cloud access keys, certificates, SSH keys, and service account passwords, leaving millions of credentials exposed.