Security News

DevOps teams have historically viewed security teams as the "Release prevention department" with overly conservative approaches to risk mitigation. Security teams think accelerated software releases pose too great a risk to governance, security and regulatory controls.

Today, organizations are drifting away from perimeter-based security and toward access-based security. SIEM is a security management approach that combines the functions of security information management and security event management.

As breaches continue to rise, cybersecurity and development professionals are feeling the pressure to maintain their organizations' security postures. Invicti Security released a report unveiling how developers and security professionals are overworked and understaffed, yet prideful of their roles within their organizations.

Every AppSec leader recognizes and admits that software development is accelerating, and there's no way their current approach is going to keep up. It is much better to prevent incidents than react to them after they have already happened.

GitLab on how DevSecOps can help developers provide security from end-to-end. TechRepublic's Karen Roby spoke with Jonathan Hunt, VP of security for GitLab, about the security challenges companies face today and how the concept and practice of DevSecOps can help developers build end-to-end security into their applications.

With the foundational security provided by Red Hat Enterprise Linux(RHEL), the layered products that run on top, such as Red Hat OpenShift, benefit by inheriting the security technologies provided by RHEL. Red Hat has packaged and delivered trusted Linux content for years and now delivers that same trusted content packaged as Linux containers, through the Red Hat Universal Base Image. This allows enterprises to build a security-focused hybrid cloud, manage and control a hybrid cloud with integrated security, and build, deploy, and run security-focused applications on top of a hybrid cloud using DevSecOps practices.

Pressure on developers to build and deploy software quicker than ever has precipitated the shift to DevSecOps - integrating Development, Security, and Operations to make Application Security an integral part of the software lifecycle. "The rise of automation and componentization in software development has driven a sharp increase in the speed and automation of software security as businesses look to AI and machine learning for flaw identification, threat modeling, and remediation," said Chris Wysopal, CTO at Veracode.

In this Help Net Security interview, Cindy Blake, Senior Security Evangelist at GitLab, talks about the importance of integrating security in DevSecOps and how to overcome the complexity of such integration. The good news is many organizations have shifted security left, or at least started on their journey, in an effort to improve development velocity while also managing security risks - in fact, the survey also found that 35.9% develop software using DevSecOps, as compared to only 27% in 2020.

GrammaTech announced the latest version of SAST platform CodeSonar, which automates the detection of coding defects to accelerate the implementation of DevSecOps methodologies in embedded software development pipelines. GrammaTech CodeSonar now supports all leading development languages in one unified platform and integrates with GitHub Actions to provide native static application security testing capabilities for embedded code.

ZeroNorth announced two trial offerings, its 60-Day AppSec Visualization trial and its 90-Day AppSec Quick Start trial. “Today’s organizations know AppSec is not optional, and many are also...