Security News

Key areas that will define the intersection of AI and DevOps
2024-03-01 05:30

Eficode research indicates that 96% of developers use AI tools, with most coders bypassing security policies to use them. With no standardized AI tool regulations, researchers advocate for stronger governance frameworks and AI security policies in organizations' DevOps strategies to encompass the challenges and opportunities AI presents.

AI-driven DevOps: Revolutionizing software engineering practices
2024-02-28 05:00

In this Help Net Security interview, Itamar Friedman, CEO of Codium AI, discusses the integration of AI into DevOps practices and its impact on software development processes, particularly in automating code review, ensuring compliance, and improving efficiency. How is AI integrated into DevOps practices, and what are the most significant changes you've observed in software development processes?

Barriers preventing organizations from DevOps automation
2023-10-03 03:00

Organizations prioritize DevOps automation investments. The biggest barriers preventing organizations from automating new DevOps use cases are security concerns, difficulty operationalizing data, and toolchain complexity.

Securing GitHub Actions for a safer DevOps pipeline
2023-10-02 04:30

Misconception #1: GitHub Actions security only means using SCA, SAST tools in CI/CD. When people think about GitHub Actions security, their first thought is about adding security tools, like SCA and SAST tools, in the CI/CD pipeline. GitHub Actions security also extends to securing the CI/CD servers on which GitHub Actions run.

Generative AI lures DevOps and SecOps into risky territory
2023-09-15 03:30

According to the surveyed DevOps and SecOps leaders, 97% are using the technology today, with 74% reporting they feel pressure to use it despite identified security risks. While DevOps and SecOps respondents hold similar outlooks on generative AI in most cases, there are notable differences with regards to adoption and productivity.

Understanding the interplay between DevOps productivity and security
2023-06-22 04:00

Not only are macroeconomic headwinds causing more significant stress for security and DevOps teams, but the increasing number of threats against shrinking teams is causing an uneven playing field. In this Help Net Security video, Ev Kontsevoy, CEO at Teleport, discusses improving DevOps productivity with a focus on security.

Microsoft, GitHub announce application security testing tools for Azure DevOps
2023-05-24 10:54

GitHub has announced that its application security testing tools are now more widely available for subscribers of Microsoft's Azure DevOps Services. "GitHub Advanced Security for Azure DevOps can not only help you find secrets that have already been exposed in Azure Repos, but also help you prevent new exposures by blocking any pushes to Azure Repos that contain secrets," says Aaron Hallberg, Director of Product for Azure DevOps, Microsoft.

LastPass: DevOps engineer hacked to steal password vault data in 2022 breach
2023-02-28 01:40

LastPass disclosed a breach in December where threat actors stole partially encrypted password vault data and customer information. "The threat actor was able to capture the employee's master password as it was entered, after the employee authenticated with MFA, and gain access to the DevOps engineer's LastPass corporate vault," reads a new security advisory published today.

Regular Pen Testing Is Key to Resolving Conflict Between SecOps and DevOps
2023-02-15 09:28

As attack surfaces expand and applications become more complex, regular pen tests become a crucial component of a strong web application security posture. Pen testing is often conducted periodically, which results in a "Security sprint" every time a new test is scheduled.

Microsoft tries again to ignite interest in DevOps cloud security
2022-10-12 16:30

Microsoft is rolling out its usual host of cloud security features and services at this week's Ignite 2022 conference, with the focus on what's happening in and outside the firewall. Protecting against sensitive information being shared by teams is also a theme, according to the show briefing, although some of the newly-announced security features have been previewed with Redmond Microsoft 365 E5 license users.