Security News

DevSecOps and risk management solutions provider apiiro on Tuesday emerged from stealth mode with $35 million in funding. The company aims to integrate security into design and development, to "Reinvent secure development lifecycle."

20% of security professionals described their organizations' DevSecOps practices as "Mature", while 62% said they are improving practices and 18% as "Immature", a WhiteSource report finds. The survey gathered responses from over 560 developers and application security professionals in North America and Western Europe about the state of DevSecOps implementation in their organizations.

More training on security tools and better performance metrics can accomplish this, according to a new survey. Developers and security analysts are working together on a daily basis to build more secure applications but training is still not a top priority, according to a new survey.

Dr. David Brumley, a professor at Carnegie Mellon University and CEO of ForAllSecure, explains what DevSecOps is and how companies can use it to improve security. What about DevSecOps? What is it, and what does it bring to the party? In this exclusive TechRepublic cyber security video, Dr. David Brumley explains what DevSecOps is and how companies can use it to improve application security.

Dr. David Brumley, a professor at Carnegie Mellon University and CEO of ForAllSecure, explains what DevSecOps is and how companies can use it to improve security.

Steampunk announces another leadership addition to its technology capabilities practice. Alan Crouch recently joined Steampunk as the DevSecOps Practice Lead. "Alan has spent the past two decades of his career at the epicenter for development and security serving in a variety of roles and advocating for DevSecOps long before the concept was coined," said Steampunk CTO Sean Dillon.

Balancing cloud security and compliance to support DevOps is critical because the fundamental role of the traditional security teams has changed substantially as more organizations adopt DevOps. Shifting cloud security and compliance "Left"-before runtime-is the most effective way for a security team to adapt and ultimately provide better support to the DevOps team and the organization at large, while seamlessly evolving DevOps into DevSecOps.

Despite the rhetoric around DevSecOps, security remains an afterthought when organizations are building software. The surge in web app security breaches in 2019 further solidifies that we are a long way from delivering on the DevSecOps vision.

Organizations are reporting a strong relationship between security and engineering, with more than three-quarters of respondents to a new report highlighting a transition from DevOps to DevSecOps, according to the pentest as a service platform provider Cobalt.io. "As web applications become more complicated and scanners improve efficiency, this report reveals a widespread need for applying security fundamentals to complex problems," said Vanessa Sauter, security strategy analyst at Cobalt.io, in a statement.

DevSecOps has become both a software engineering tactic and a culture that advocates security automation and monitoring throughout the software development lifecycle. Job security for DevSecOps engineers is even more assured, because unlike traditional cybersecurity tactics like vulnerability scanning with an array of software-based tools, DevSecOps requires people who know how to implement security as they code.