Security News

DevSecOps puts security at the forefront of the development process as a whole, ensuring that good cyber-hygiene remains top-of-mind for developers and operators from start to finish. The Building Security In Maturity Model, a.k.a. BSIMM, is a great resource listing over 120 security best practices, to help development teams keep these measures top of mind when designing their solutions.

At its inaugural Global Partner Virtual Summit, Secure Code Warrior announced significant enhancements to its global partner program, as well as expanded integrations with leading DevSecOps vendors that extend its developer-centric approach to secure coding further into the global developer ecosystem. Pieter Danhieux, CEO and co-founder of Secure Code Warrior, said, "The Warrior Partner Program is a platform to maximise the potential of developer-centric security. By enabling partners to offer or integrate Secure Code Warrior as a core component of their DevSecOps or AppSec solution offerings, we can jointly reach more of the world's 25 million developers as they increase their software security skills."

While the perceived benefits of DevSecOps to both security and DevOps are high, much progress must be made in defining a repeatable and consistent governance model for true DevSecOps to take hold, a ZeroNorth survey of 250 global security, DevOps and IT professionals reveals. Specifically, the survey finds that while 76% of developers and engineers believe DevOps will own AppSec within three years, only 56% of AppSec professionals agree.

As modern infrastructures get more complex everyday, DevOps teams have a hard time tracking infrastructure drift. The multiplicity of parameters turns infrastructure drift into a multidimensional issue as this situation implies tracking changes across a combination of setups over time.

Red Hat announced Red Hat OpenShift Platform Plus, a new edition of the enterprise Kubernetes platform designed to provide a holistic solution to help customers adopt DevSecOps across the entirety of the hybrid cloud. Red Hat OpenShift Kubernetes Engine is the foundational edition of Red Hat OpenShift, delivering enterprise Kubernetes on a foundation of Red Hat Enterprise Linux CoreOS to run containers more securely across the hybrid cloud.

DevSecOps company Sysdig on Wednesday announced becoming a "Unicorn" after raising $188 million in a Series F funding round at a valuation of $1.19 billion. The latest funding round, which brings the total raised by the company to $394 million, was led by Premji Invest & Associates and Third Point Ventures, with participation from Accel, Bain Capital Ventures, DFJ Growth, Glynn Capital, Goldman Sachs, Insight Partners, and Next47.

BoxBoat announced that it is realizing significant managed services revenue growth driven by greater customer adoption of its BoxOps platform. BoxOps is BoxBoat's DevSecOps managed service platform.

Phishers tricking users via fake LinkedIn Private Shared DocumentPhishers are trying to trick users into opening a "LinkedIn Private Shared Document" and entering their login credentials into a fake LinkedIn login page, security researcher JB Bowers warns. Apple details major security, privacy enhancements in its devicesApple has released on Thursday a newer version of its Platform Security Guide, outlining the security and privacy innovations and improvements its users will be able to take advantage of.

DevSecOps company Spectral on Wednesday emerged from stealth mode with $6.2 million in seed funding from Israeli venture capital firms Amiti and MizMaa. Spectral is based in Tel Aviv, Israel, and it was founded in mid-2020 by Dotan Nahum, who will serve as the company's CEO, Lior Reuven, Uri Shamay and Idan Didi.

Palo Alto Networks has described its $156m buy of cloudy DevSecOps biz Bridgecrew as a "Key bet" at a time when the world has never been more reliant on off-premises computing. The buyout was made public early yesterday evening, and Palo Alto said Bridgecrew's "Developer-first infrastructure-as-code security platform" sits well with its Prisma public cloud security product.