Security News

7 DevSecOps myths and how to overcome them
2022-06-22 04:00

DevOps teams have historically viewed security teams as the "Release prevention department" with overly conservative approaches to risk mitigation. Security teams think accelerated software releases pose too great a risk to governance, security and regulatory controls.

DevSecOps glossary: 24 terms security professionals need to know
2022-05-27 19:21

Today, organizations are drifting away from perimeter-based security and toward access-based security. SIEM is a security management approach that combines the functions of security information management and security event management.

How do DevSecOps professionals feel about security becoming an around the clock job?
2022-05-19 03:00

As breaches continue to rise, cybersecurity and development professionals are feeling the pressure to maintain their organizations' security postures. Invicti Security released a report unveiling how developers and security professionals are overworked and understaffed, yet proud of their roles within their organizations.

How to make DevSecOps a reality
2022-04-28 05:35

Every AppSec leader recognizes and admits that software development is accelerating, and there's no way their current approach is going to keep up. It is much better to prevent incidents than react to them after they have already happened.

GitLab on how DevSecOps can help developers provide security from end-to-end
2022-02-07 23:03

TechRepublic's Karen Roby spoke with Jonathan Hunt, VP of security for GitLab, about the security challenges companies face today and how the concept and practice of DevSecOps can help developers build end-to-end security into their applications.

How to tackle hybrid cloud security and DevSecOps
2021-12-21 20:29

With the foundational security provided by Red Hat Enterprise Linux (RHEL), the layered products that run on top, such as Red Hat OpenShift, benefit by inheriting the security technologies provided by RHEL. Red Hat has packaged and delivered trusted Linux content for years and now delivers that same trusted content packaged as Linux containers, through the Red Hat Universal Base Image. This allows enterprises to build a security-focused hybrid cloud, manage and control a hybrid cloud with integrated security, and build, deploy, and run security-focused applications on top of a hybrid cloud using DevSecOps practices.

Shifting security further left: DevSecOps becoming SecDevOps
2021-12-20 05:30

Pressure on developers to build and deploy software quicker than ever has precipitated the shift to DevSecOps - integrating Development, Security, and Operations to make Application Security an integral part of the software lifecycle. "The rise of automation and componentization in software development has driven a sharp increase in the speed and automation of software security as businesses look to AI and machine learning for flaw identification, threat modeling, and remediation," said Chris Wysopal, CTO at Veracode.

Putting the “sec” in DevSecOps: An overall reduction of risk
2021-11-29 06:00

In this Help Net Security interview, Cindy Blake, Senior Security Evangelist at GitLab, talks about the importance of integrating security in DevSecOps and how to overcome the complexity of such integration. The good news is many organizations have shifted security left, or at least started on their journey, in an effort to improve development velocity while also managing security risks - in fact, the survey also found that 35.9% develop software using DevSecOps, as compared to only 27% in 2020.

GrammaTech CodeSonar extends DevSecOps to embedded software development
2021-08-19 02:30

GrammaTech announced the latest version of SAST platform CodeSonar, which automates the detection of coding defects to accelerate the implementation of DevSecOps methodologies in embedded software development pipelines. GrammaTech CodeSonar now supports all leading development languages in one unified platform and integrates with GitHub Actions to provide native static application security testing capabilities for embedded code.

ZeroNorth launches two trial offerings to help progress DevSecOps
2021-08-03 02:00

ZeroNorth announced two trial offerings, its 60-Day AppSec Visualization trial and its 90-Day AppSec Quick Start trial. “Today’s organizations know AppSec is not optional, and many are also...