Security News
GitLab announced on Monday the new GitLab 16 platform, an upgraded and comprehensive AI-driven DevSecOps solution. GitLab 16 includes more than 55 improvements and new features.
Product security teams aim to guarantee the intrinsic reliability of applications. In the DevSecOps approach, each team is responsible for the security of the applications they create.
As their hybrid and multicloud environments become more complex, and teams continue to rely on manual processes that make it easier for vulnerabilities to slip into production environments, CISOs find it increasingly difficult to keep their software secure, according to Dynatrace. The continued use of siloed tools for development, delivery, and security tasks is hindering the maturity of DevSecOps adoption.
A growing reliance on AI and ML. Among the key findings in GitLab's report was the fact that AI/ML adoption in software development and security workflows continues to accelerate, with 62% of software developers using AI/ML to check code - up from 51% in 2022 - while 53% are using bots in the testing process, compared to 39% last year. In GitLab's 2022 Global DevSecOps Report, 54% of security respondents said they used two to five tools in their workflow, while 35% reported using six to 10; in 2023, these figures were 42% and 43%, respectively.
The push to innovate and create can often drive software developers to move at breakneck speed to deliver new apps, updates and bug fixes - a frenetic pace that can lead to security oversight. DevSecOps - a portmanteau for developers, cybersecurity and operations - is a collaborative method that brings principles of application security into software development and operations with as little friction and as much agility as possible.
Every SOC on the planet is grappling with the challenges of integrating detection techniques and response processes for public cloud computing. This presentation by Rich Mogull, SVP Cloud Security at FireMon, delves into the details with a framework for modernizing response operations, combined with technical details and examples.
Security is the number one driver behind most DevOps and DevSecOps implementations. Only 30% feel confident in the level of collaboration between security and development, 86% experience challenges in their current approaches to security and 51% admit that they don't fully understand how security fits into DevSecOps.
According to the study, only 22% of respondent organizations have developed a formal DevSecOps strategy integrating security into software development lifecycle processes, but an overwhelming percentage of those report a positive impact on accelerating incident detection and response efforts. Based on a survey of 200 DevOps and IT/information security professionals, the report shows that more than half of respondent organizations using DevSecOps tools and processes experienced a significant reduction in incidents that occur in production.
Only 22% of respondent organizations have developed a formal DevSecOps strategy integrating security into software development life cycle processes, a newly released report finds. Although adoption is low for now, the study also confirms potential growth in the industry with 62% of respondents saying their organization is actively evaluating use cases or has plans to implement DevSecOps.
Attackers still exploit Log4Shell on VMware Horizon servers, CISA warns. If your organization is running VMware Horizon and Unified Access Gateway servers and you haven't implemented the patches or workarounds to fix/mitigate the Log4Shell vulnerability in December 2021, you should treat all those systems as compromised, the Cybersecurity and Infrastructure Security Agency advised on Thursday.
7 DevSecOps myths and how to overcome them. By including security and compliance processes in end-to-end automation, businesses can secure software throughout the whole software supply chain, significantly improve the developer experience, and accelerate safer delivery.