Security News

The same digital automation tools that have revolutionized workflows for developers are creating an uphill battle regarding security. From data breaches and cyberattacks to compliance concerns, the stakes have never been higher for enterprises to establish a robust and comprehensive security strategy.

DevSecOps, short for Development, Security, and Operations, is an approach that emphasizes the integration of security practices and principles into every stage of the software development lifecycle. It aims to bridge the gap between development teams, security teams, and operations teams, fostering collaboration and shared responsibility for the security of software applications.

GitLab announced on Monday the new GitLab 16 platform, an upgraded and comprehensive AI-driven DevSecOps solution. GitLab 16 includes more than 55 improvements and new features.

Product security teams aim to guarantee the intrinsic reliability of applications. In the DevSecOps approach, each team is responsible for the security of the applications they create.

As their hybrid and multicloud environments become more complex, and teams continue to rely on manual processes that make it easier for vulnerabilities to slip into production environments, CISOs find it increasingly difficult to keep their software secure, according to Dynatrace. The continued use of siloed tools for development, delivery, and security tasks is hindering the maturity of DevSecOps adoption.

A growing reliance on AI and ML. Among the key findings in GitLab's report was the fact that AI/ML adoption in software development and security workflows continues to accelerate, with 62% of software developers using AI/ML to check code - up from 51% in 2022 - while 53% are using bots in the testing process, compared to 39% last year. In GitLab's 2022 Global DevSecOps Report, 54% of security respondents said they used two to five tools in their workflow, while 35% reported using six to 10; in 2023, these figures were 42% and 43%, respectively.

The push to innovate and create can often drive software developers to move at breakneck speed to deliver new apps, updates and bug fixes - a frenetic pace that can lead to security oversight. DevSecOps - a portmanteau for developers, cybersecurity and operations - is a collaborative method that brings principles of application security into software development and operations with as little friction and as much agility as possible.

Every SOC on the planet is grappling with the challenges of integrating detection techniques and response processes for public cloud computing. This presentation by Rich Mogull, SVP Cloud Security at FireMon, delves into the details with a framework for modernizing response operations, combined with technical details and examples.

Security is the number one driver behind most DevOps and DevSecOps implementations. Only 30% feel confident in the level of collaboration between security and development, 86% experience challenges in their current approaches to security and 51% admit that they don't fully understand how security fits into DevSecOps.

According to the study, only 22% of respondent organizations have developed a formal DevSecOps strategy integrating security into software development lifecycle processes, but an overwhelming percentage of those report a positive impact on accelerating incident detection and response efforts. Based on a survey of 200 DevOps and IT/information security professionals, the report shows that more than half of respondent organizations using DevSecOps tools and processes experienced a significant reduction in incidents that occur in production.