Security News

With the foundational security provided by Red Hat Enterprise Linux(RHEL), the layered products that run on top, such as Red Hat OpenShift, benefit by inheriting the security technologies provided by RHEL. Red Hat has packaged and delivered trusted Linux content for years and now delivers that same trusted content packaged as Linux containers, through the Red Hat Universal Base Image. This allows enterprises to build a security-focused hybrid cloud, manage and control a hybrid cloud with integrated security, and build, deploy, and run security-focused applications on top of a hybrid cloud using DevSecOps practices.

Pressure on developers to build and deploy software quicker than ever has precipitated the shift to DevSecOps - integrating Development, Security, and Operations to make Application Security an integral part of the software lifecycle. "The rise of automation and componentization in software development has driven a sharp increase in the speed and automation of software security as businesses look to AI and machine learning for flaw identification, threat modeling, and remediation," said Chris Wysopal, CTO at Veracode.

In this Help Net Security interview, Cindy Blake, Senior Security Evangelist at GitLab, talks about the importance of integrating security in DevSecOps and how to overcome the complexity of such integration. The good news is many organizations have shifted security left, or at least started on their journey, in an effort to improve development velocity while also managing security risks - in fact, the survey also found that 35.9% develop software using DevSecOps, as compared to only 27% in 2020.

GrammaTech announced the latest version of SAST platform CodeSonar, which automates the detection of coding defects to accelerate the implementation of DevSecOps methodologies in embedded software development pipelines. GrammaTech CodeSonar now supports all leading development languages in one unified platform and integrates with GitHub Actions to provide native static application security testing capabilities for embedded code.

ZeroNorth announced two trial offerings, its 60-Day AppSec Visualization trial and its 90-Day AppSec Quick Start trial. “Today’s organizations know AppSec is not optional, and many are also...

DevSecOps puts security at the forefront of the development process as a whole, ensuring that good cyber-hygiene remains top-of-mind for developers and operators from start to finish. The Building Security In Maturity Model, a.k.a. BSIMM, is a great resource listing over 120 security best practices, to help development teams keep these measures top of mind when designing their solutions.

At its inaugural Global Partner Virtual Summit, Secure Code Warrior announced significant enhancements to its global partner program, as well as expanded integrations with leading DevSecOps vendors that extend its developer-centric approach to secure coding further into the global developer ecosystem. Pieter Danhieux, CEO and co-founder of Secure Code Warrior, said, "The Warrior Partner Program is a platform to maximise the potential of developer-centric security. By enabling partners to offer or integrate Secure Code Warrior as a core component of their DevSecOps or AppSec solution offerings, we can jointly reach more of the world's 25 million developers as they increase their software security skills."

While the perceived benefits of DevSecOps to both security and DevOps are high, much progress must be made in defining a repeatable and consistent governance model for true DevSecOps to take hold, a ZeroNorth survey of 250 global security, DevOps and IT professionals reveals. Specifically, the survey finds that while 76% of developers and engineers believe DevOps will own AppSec within three years, only 56% of AppSec professionals agree.

As modern infrastructures get more complex everyday, DevOps teams have a hard time tracking infrastructure drift. The multiplicity of parameters turns infrastructure drift into a multidimensional issue as this situation implies tracking changes across a combination of setups over time.

Red Hat announced Red Hat OpenShift Platform Plus, a new edition of the enterprise Kubernetes platform designed to provide a holistic solution to help customers adopt DevSecOps across the entirety of the hybrid cloud. Red Hat OpenShift Kubernetes Engine is the foundational edition of Red Hat OpenShift, delivering enterprise Kubernetes on a foundation of Red Hat Enterprise Linux CoreOS to run containers more securely across the hybrid cloud.