Who’s responsible for security? Milton Friedman once said “When everybody owns something, nobody owns it, and nobody has a direct interest in maintaining or improving its condition.” While that quote was about physical buildings 40 years ago, it’s still relevant to how we build software today. The technology required to shift security left exists but the organizational shifts are lagging behind.

Here are five steps to help ease the burden Security teams are struggling to keep up with the pace of change in modern environments. More than 18,000 vulnerabilities disclosed in 2020 alone with an average mean time to patch of 60 to 150 days. On top of that, recent developments in DevOps enable developers to push code on demand and launch instances in cloud environments as often as the business needs.

Managing and measuring your security posture is complex Security is difficult in modern environments. The attack surface is exploding, and the pieces are constantly getting smaller. CISOs and operations teams have to maintain and secure environments that can be any combination of on-premise, cloud, containers, serverless, microservices, and kubernetes and are likely doing all of this from home these days.

The recent Solarwinds hack is the latest headline grabbing zero day to send shockwaves throughout the information security community. It was a sophisticated supply chain attack that incorporated several forensic countermeasures and impacted a number of large government institutions and private companies.

In this post we discuss two styles of Test Driven Development (TDD): Bottom Up (Chicago style) and Top Down (London style) also known as mockist style. We show how both styles can be used application development and how refactoring may affect the tests.

Business demands fuel technology shifts The growing shift towards digital business models, accelerated by the pandemic, has revealed the need for increased business and technology alignment across every industry. Customers expect to be able to interact with companies anywhere, anytime, and demand highly responsive, customizable experiences. Gartner refers to organizations with the ability to meet these demands as intelligent, composable businesses1.

Amid the many challenges for healthcare is managing escalating costs without compromising quality of care and risks to patient safety and privacy. For connected medical device (med-tech) companies, this presents a major opportunity to support healthcare providers with advanced digital services, often via mobile-connected devices that process and transmit critical patient-related health information.

As our R&D team develops Rezilion, they occasionally see opportunities to improve and inform the status quo. In this post, our Team Lead, Yuri Shafet, spends some time diving into ptrace — what it is, how to use it to inject arbitrary code into a running process, how to limit ptrace execution and different techniques to dynamically detect it.

Vulnerability management is the process of finding, assessing, remediating and mitigating security weaknesses. The vulnerability management process has as one of its main phases the vulnerability assessment, the step where vulnerabilities in the assets in scope are identified.

Security never rests. Especially at the speed and scale of cloud workloads. Have you heard that VMware announced our collaboration for bringing self-healing as a service for cloud-native workloads communicating via VMware Tanzu Service Mesh, built on VMware NSX? We’ve been getting a lot of questions on the topic and so consider this a first stab at spelling out what we’re doing with Tanzu Service Mesh. You can expect much more detail in the coming weeks.