Security News

How to Create a Culture of Kick-Ass DevSecOps Engineers
2020-06-01 05:06

DevSecOps has become both a software engineering tactic and a culture that advocates security automation and monitoring throughout the software development lifecycle. Job security for DevSecOps engineers is even more assured, because unlike traditional cybersecurity tactics like vulnerability scanning with an array of software-based tools, DevSecOps requires people who know how to implement security as they code.

Unlucky for some, GitLab 13.0 is DevSecOps in a box, but will it play nicely with others?
2020-05-22 13:00

GitLab version 13.0, the company's major release of 2020, is out today. Rival GitHub is the biggest player in online code repositories, with Atlassian's Bitbucket and GitLab also popular.

GitLab survey suggests DevOps is becoming real, while DevSecOps has work to do
2020-05-18 13:00

The good news: Developers are finally having their DevOps day. According to the developers, just 35% of them are deep into DevOps.

DevOps needs to morph into DevSecOps to close security threats in the cloud
2020-05-14 13:30

Everyone is having trouble keeping cloud deployments secure, according to a new report from Oracle and KPMG. The "Threat Report 2020: Addressing Security Configurations Amidst a State of Constant Change" found that 92% of IT professionals do not think their organization is well prepared to secure public cloud services. Misconfigured cloud services are prevalent, problematic, and the top cloud security priority.

Cloud Misconfig Mistakes Show Need For DevSecOps
2020-03-19 14:01

Making better cloud infrastructure deployment choices upfront - and a shift from DevOps teams to DevSecOps - will help businesses better secure information, said Olson. We've been expanding new directions, writing reports about cloud vulnerabilities, cloud threats, IoT vulnerabilities and IoT threats, all sorts of stuff.

Contrast Security simplifies DevSecOps with Route Intelligence
2020-03-18 03:30

Contrast Security, the next-generation software security platform, announced Route Intelligence, a major new capability for application security. When compared to traditional application security approaches, Route Intelligence saves security teams and application development teams massive amounts of time while reducing costs; namely, development teams know exactly what parts of each application have been tested for critical security flaws.

Advancing DevSecOps Into the Future
2020-03-03 11:56

If DevOps represents the union of people, process, and technology to continually provide value to customers, then DevSecOps represents the fusion of value and security provided to those same customers. DevSecOps incorporates discrete security elements and capabilities throughout the development process; "Security as code" is the hymn recited by development and security operations teams alike.

Dear friends in DevSecOps: Don't forget, security is your responsibility, too – now learn how to do it right
2020-01-29 06:00

What is DevSecOps? Simply put, it is the merging of DevOps and security processes to ensure code is secure from development through to testing and deployment. To help enterprises tighten their security, the US Defense Department defined it in detail last August [PDF] as "an organizational software engineering culture and practice that aims at unifying software development, security and operations."

Container security requires continuous security in new DevSecOps models
2020-01-22 06:30

When Jordan Liggitt at Google posted details of a serious Kubernetes vulnerability in November 2018, it was a wake-up call for security teams ignoring the risks that came with adopting a cloud-native infrastructure without putting security at the heart of the whole endeavor. There has been the runc container exploit in February, which allowed a malicious container to overwrite the runc binary and gain root on the container host.