Security News
"In my experience, this is due to the 'I'm from Security and I'm here to save you' mentality that continues to pervade the security industry, and the only way to overcome this is with a big bucket of humility," he noted. "Security has not actually spent the last 20 years doing a good job of 'security things' and we do not have a strong position to say that we have all of the answers. I know that it sounds relatively simplistic, but it really is a case of taking the path of the beginner's mind and working with developers, operators, and DevOps staff to learn their perspective and then apply domain-specific security knowledge."
The SolarWinds supply chain attack and related hacks
When the week before last FireEye said they've been breached by sophisticated attackers using a "novel combination of techniques," we wondered what those were. We didn't have to wait long - news of the SolarWinds hack and the consequent revelations about the attackers using the company's products as a stepping stone towards compromising a slew of US government agencies and other targets have revealed some of the attackers' capabilities.
When speed is everything, developers are often reluctant to prioritize security - so how do you make DevSecOps stick with developers? Developers are the key to DevSecOps success and as a result, their approach to security must be consistent.
Join Cobalt for an interactive 1-hour Q&A session that tackles real-life examples of what it takes to achieve DevSecOps maturity. Engineering will be represented by Larry Maccherone, whose extensive experience in lean and agile practices has made him DevSecOps transformation lead at Comcast.
DevSecOps and risk management solutions provider apiiro on Tuesday emerged from stealth mode with $35 million in funding. The company aims to integrate security into design and development, to "reinvent secure development lifecycle."
20% of security professionals described their organizations' DevSecOps practices as "mature", while 62% said they are improving practices and 18% described them as "immature", a WhiteSource report finds. The survey gathered responses from over 560 developers and application security professionals in North America and Western Europe about the state of DevSecOps implementation in their organizations.
More training on security tools and better performance metrics can accomplish this, according to a new survey. Developers and security analysts are working together on a daily basis to build more secure applications but training is still not a top priority, according to a new survey.
Dr. David Brumley, a professor at Carnegie Mellon University and CEO of ForAllSecure, explains what DevSecOps is and how companies can use it to improve security. What about DevSecOps? What is it, and what does it bring to the party? In this exclusive TechRepublic cyber security video, Dr. David Brumley explains what DevSecOps is and how companies can use it to improve application security.
Steampunk announces another leadership addition to its technology capabilities practice. Alan Crouch recently joined Steampunk as the DevSecOps Practice Lead. "Alan has spent the past two decades of his career at the epicenter for development and security serving in a variety of roles and advocating for DevSecOps long before the concept was coined," said Steampunk CTO Sean Dillon.