Security News
If DevOps represents the union of people, process, and technology to continually provide value to customers, then DevSecOps represents the fusion of value and security provided to those same customers. DevSecOps incorporates discrete security elements and capabilities throughout the development process; "Security as code" is the hymn recited by development and security operations teams alike.
What is DevSecOps? Simply put, it is the merging of DevOps and security processes to ensure code is secure from development through to testing and deployment. "To help enterprises tighten their security, the US Defense Department defined it in detail last August [PDF] as a"an organizational software engineering culture and practice that aims at unifying software development, security and operations.
When Jordan Liggitt at Google posted details of a serious Kubernetes vulnerability in November 2018, it was a wake-up call for security teams ignoring the risks that came with adopting a cloud-native infrastructure without putting security at the heart of the whole endeavor. There has been the runc container exploit in February, which allowed a malicious container to overwrite the runc binary and gain root on the container host.
DevOps started in 2009 and over a decade later we are still stuck in the DEVops phase. Will 2020 be the year of true DevOps, and will 2021 be the year of DevSecOps?
While organizations shift their applications to microservices environments, the responsibility for securing these environments shifts as well, Radware reveals. The rapid expansion of the...
Johnathan Nicholson, Former Interac CISO, on How to Change the CultureHow can organizations overcome resistance to implementing DevSecOps? Johnathan Nicholson, former CISO at Interac, the Canadian...
Only 8 percent of companies are securing 75 percent or more of their cloud-native applications with DevSecOps practices today, with that number jumping to 68 percent of companies securing 75...
There has been a significant year-over-year growth in enterprise usage trends around multi-cloud adoption, open source technologies such as Kubernetes, and AWS cloud-native services adoption, Sumo...