Security News
Eficode research indicates that 96% of developers use AI tools, with most coders bypassing security policies to use them. With no standardized AI tool regulations, researchers advocate for stronger governance frameworks and AI security policies in organizations' DevOps strategies to encompass the challenges and opportunities AI presents.
In this Help Net Security interview, Itamar Friedman, CEO of Codium AI, discusses the integration of AI into DevOps practices and its impact on software development processes, particularly in automating code review, ensuring compliance, and improving efficiency. How is AI integrated into DevOps practices, and what are the most significant changes you've observed in software development processes?
Organizations prioritize DevOps automation investments. The biggest barriers preventing organizations from automating new DevOps use cases are security concerns, difficulty operationalizing data, and toolchain complexity.
Misconception #1: GitHub Actions security only means using SCA, SAST tools in CI/CD. When people think about GitHub Actions security, their first thought is about adding security tools, like SCA and SAST tools, in the CI/CD pipeline. GitHub Actions security also extends to securing the CI/CD servers on which GitHub Actions run.
According to the surveyed DevOps and SecOps leaders, 97% are using the technology today, with 74% reporting they feel pressure to use it despite identified security risks. While DevOps and SecOps respondents hold similar outlooks on generative AI in most cases, there are notable differences with regards to adoption and productivity.
Not only are macroeconomic headwinds causing more significant stress for security and DevOps teams, but the increasing number of threats against shrinking teams is causing an uneven playing field. In this Help Net Security video, Ev Kontsevoy, CEO at Teleport, discusses improving DevOps productivity with a focus on security.
GitHub has announced that its application security testing tools are now more widely available for subscribers of Microsoft's Azure DevOps Services. "GitHub Advanced Security for Azure DevOps can not only help you find secrets that have already been exposed in Azure Repos, but also help you prevent new exposures by blocking any pushes to Azure Repos that contain secrets," says Aaron Hallberg, Director of Product for Azure DevOps, Microsoft.
LastPass disclosed a breach in December where threat actors stole partially encrypted password vault data and customer information. "The threat actor was able to capture the employee's master password as it was entered, after the employee authenticated with MFA, and gain access to the DevOps engineer's LastPass corporate vault," reads a new security advisory published today.
As attack surfaces expand and applications become more complex, regular pen tests become a crucial component of a strong web application security posture. Pen testing is often conducted periodically, which results in a "Security sprint" every time a new test is scheduled.
Microsoft is rolling out its usual host of cloud security features and services at this week's Ignite 2022 conference, with the focus on what's happening in and outside the firewall. Protecting against sensitive information being shared by teams is also a theme, according to the show briefing, although some of the newly-announced security features have been previewed with Redmond Microsoft 365 E5 license users.