Security News

The Evolution of DevSecOps
2020-06-23 13:00

Balancing cloud security and compliance to support DevOps is critical because the fundamental role of the traditional security teams has changed substantially as more organizations adopt DevOps. Shifting cloud security and compliance "Left"-before runtime-is the most effective way for a security team to adapt and ultimately provide better support to the DevOps team and the organization at large, while seamlessly evolving DevOps into DevSecOps.

Why DevSecOps remains a mirage
2020-06-12 05:30

Despite the rhetoric around DevSecOps, security remains an afterthought when organizations are building software. The surge in web app security breaches in 2019 further solidifies that we are a long way from delivering on the DevSecOps vision.

A strong relationship between security and engineering teams accelerates the transition to DevSecOps
2020-06-09 13:59

Organizations are reporting a strong relationship between security and engineering, with more than three-quarters of respondents to a new report highlighting a transition from DevOps to DevSecOps, according to the pentest as a service platform provider Cobalt.io. "As web applications become more complicated and scanners improve efficiency, this report reveals a widespread need for applying security fundamentals to complex problems," said Vanessa Sauter, security strategy analyst at Cobalt.io, in a statement.

How to Create a Culture of Kick-Ass DevSecOps Engineers
2020-06-01 05:06

DevSecOps has become both a software engineering tactic and a culture that advocates security automation and monitoring throughout the software development lifecycle. Job security for DevSecOps engineers is even more assured, because unlike traditional cybersecurity tactics like vulnerability scanning with an array of software-based tools, DevSecOps requires people who know how to implement security as they code.

How to Create a Culture of Kick-Ass DevSecOps Engineers
2020-06-01 05:06

DevSecOps has become both a software engineering tactic and a culture that advocates security automation and monitoring throughout the software development lifecycle. Job security for DevSecOps engineers is even more assured, because unlike traditional cybersecurity tactics like vulnerability scanning with an array of software-based tools, DevSecOps requires people who know how to implement security as they code.

Unlucky for some, GitLab 13.0 is DevSecOps in a box, but will it play nicely with others?
2020-05-22 13:00

GitLab version 13.0, the company's major release of 2020, is out today. Rival GitHub is the biggest player in online code repositories, with Atlassian's Bitbucket and GitLab also popular.

GitLab survey suggests DevOps is becoming real, while DevSecOps has work to do
2020-05-18 13:00

The good news: Developers are finally having their DevOps day. According to the developers, just 35% of them are deep into DevOps.

DevOps needs to morph into DevSecOps to close security threats in the cloud
2020-05-14 13:30

Everyone is having trouble keeping cloud deployments secure, according to a new report from Oracle and KPMG. The "Threat Report 2020: Addressing Security Configurations Amidst a State of Constant Change" found that 92% of IT professionals do not think their organization is well prepared to secure public cloud services. Misconfigured cloud services are prevalent, problematic, and the top cloud security priority.

Cloud Misconfig Mistakes Show Need For DevSecOps
2020-03-19 14:01

Making better cloud infrastructure deployment choices upfront - and a shift from DevOps teams to DevSecOps - will help businesses better secure information, said Olson. We've been expanding new directions, writing reports about cloud vulnerabilities, cloud threats, IoT vulnerabilities and IoT threats, all sorts of stuff.

Contrast Security simplifies DevSecOps with Route Intelligence
2020-03-18 03:30

Contrast Security, the next-generation software security platform, announced Route Intelligence, a major new capability for application security. When compared to traditional application security approaches, Route Intelligence saves security teams and application development teams massive amounts of time while reducing costs-namely, development teams know exactly what parts of each application have been tested for critical security flaws.