Security News

Red Hat announced Red Hat OpenShift Platform Plus, a new edition of the enterprise Kubernetes platform designed to provide a holistic solution to help customers adopt DevSecOps across the entirety of the hybrid cloud. Red Hat OpenShift Kubernetes Engine is the foundational edition of Red Hat OpenShift, delivering enterprise Kubernetes on a foundation of Red Hat Enterprise Linux CoreOS to run containers more securely across the hybrid cloud.

DevSecOps company Sysdig on Wednesday announced becoming a "Unicorn" after raising $188 million in a Series F funding round at a valuation of $1.19 billion. The latest funding round, which brings the total raised by the company to $394 million, was led by Premji Invest & Associates and Third Point Ventures, with participation from Accel, Bain Capital Ventures, DFJ Growth, Glynn Capital, Goldman Sachs, Insight Partners, and Next47.

BoxBoat announced that it is realizing significant managed services revenue growth driven by greater customer adoption of its BoxOps platform. BoxOps is BoxBoat's DevSecOps managed service platform.

Phishers tricking users via fake LinkedIn Private Shared DocumentPhishers are trying to trick users into opening a "LinkedIn Private Shared Document" and entering their login credentials into a fake LinkedIn login page, security researcher JB Bowers warns. Apple details major security, privacy enhancements in its devicesApple has released on Thursday a newer version of its Platform Security Guide, outlining the security and privacy innovations and improvements its users will be able to take advantage of.

DevSecOps company Spectral on Wednesday emerged from stealth mode with $6.2 million in seed funding from Israeli venture capital firms Amiti and MizMaa. Spectral is based in Tel Aviv, Israel, and it was founded in mid-2020 by Dotan Nahum, who will serve as the company's CEO, Lior Reuven, Uri Shamay and Idan Didi.

Palo Alto Networks has described its $156m buy of cloudy DevSecOps biz Bridgecrew as a "Key bet" at a time when the world has never been more reliant on off-premises computing. The buyout was made public early yesterday evening, and Palo Alto said Bridgecrew's "Developer-first infrastructure-as-code security platform" sits well with its Prisma public cloud security product.

"In my experience, this is due to the 'I'm from Security and I'm here to save you' mentality that continues to pervade the security industry, and the only way to overcome this is with a big bucket of humility," he noted. "Security has not actually spent the last 20 years doing a good job of 'security things' and we do not have a strong position to say that we have all of the answers. I know that it sounds relatively simplistic, but it really is a case of taking the path of the beginner's mind and working with developers, operators, and DevOps staff to learn their perspective and then apply domain-specific security knowledge."

The SolarWinds supply chain attack and related hacksWhen the week before last FireEye said they've been breached by sophisticated attackers using a "Novel combination of techniques," we wondered what those were. We didn't have to wait long - news of the SolarWinds hack and the consequent revelations about the attackers using the company's products as a stepping stone towards compromising a slew of US government agencies and other targets have revealed some of the attackers' capabilities.

When speed is everything, developers are often reluctant to prioritize security - so how do you make DevSecOps stick with developers? Developers are the key to DevSecOps success and as a result, their approach to security must be consistent.

Join Cobalt for an interactive 1-hour Q&A session that tackles real-life examples of what it takes to achieve DevSecOps maturity. Engineering will be represented by Larry Maccherone, whose extensive experience in lean and agile practices has made him DevSecOps transformation lead at Comcast.