Devsecops
Devsecops | News, how-tos, features, reviews, and videos
GitHub begins 2FA rollout for code contributors
GitHub’s 2FA rollout seeks to enhance the security of developer accounts and protect the software supply chain.
Gitpod flaw shows cloud-based development environments need security assessments
The quickly fixed flaw could have allowed attackers to take over accounts in the CDE and perform remote code execution.
Malicious package flood on PyPI might be sign of new attacks to come
The PyPI package flood is just the latest in a string of attacks on public repositories with the intent to plant malicious code.
Descope launches authentication and user management SaaS
Descope’s first product allows developers to build authentication and user management functions in applications.
New “MITRE ATT&CK-like” framework outlines software supply chain attack TTPs
The OSC&R Framework aims to help security professionals better understand and measure software supply chain risk.
PyTorch suffers supply chain attack via dependency confusion
A rogue package pulled in through the machine learning framework's dependency chain allowed the attacker to exfiltrate data, including SSH keys.
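The attack class named in the headline turns on one resolver behaviour: when a private package name also exists on a public index, a resolver that merges candidates from every configured index and takes the highest version will fetch the attacker's copy. The following is an added illustration written for this page, not code from the PyTorch project or from pip. The package name, versions, payload bytes and the two toy indexes are constructed for the example; the mitigation modelled is the pinned-version-plus-hash check that pip applies under `--require-hashes`.

```python
"""Toy model of dependency confusion at resolution time (added example).

Not pip's code: a minimal resolver that reproduces the decisive behaviour,
plus the hash-pinned variant that defeats it. All names and data are made up.
"""
import hashlib

# Constructed sample data: the same name exists on a private index and on a
# public one, and the public copy advertises a much higher version number.
PRIVATE_INDEX = {"ml-internal-utils": {"1.4.0": b"legitimate internal build"}}
PUBLIC_INDEX = {"ml-internal-utils": {"99.0.0": b"attacker upload"}}


def parse_version(version):
    """Turn '1.4.0' into (1, 4, 0) so versions compare numerically."""
    return tuple(int(part) for part in version.split("."))


def resolve_highest(name, indexes):
    """Vulnerable resolution: merge candidates from every index and pick the
    highest version, ignoring which index served it (the behaviour that
    `--extra-index-url` exposes). Returns (index_name, version)."""
    candidates = []
    for index_name, index in indexes.items():
        for version, blob in index.get(name, {}).items():
            candidates.append((parse_version(version), index_name, version, blob))
    if not candidates:
        raise LookupError(f"{name}: not found on any index")
    _, index_name, version, _ = max(candidates)
    return index_name, version


def make_lock(name, version, blob):
    """Record the exact artifact we reviewed: version plus sha256 of its bytes."""
    return {name: (version, hashlib.sha256(blob).hexdigest())}


def resolve_pinned(name, indexes, lock):
    """Hardened resolution: only the locked version is acceptable, and the
    bytes served by whichever index answers must match the locked digest.
    A higher version on a public index is never a candidate."""
    want_version, want_sha = lock[name]
    for index_name, index in indexes.items():
        blob = index.get(name, {}).get(want_version)
        if blob is None:
            continue
        if hashlib.sha256(blob).hexdigest() == want_sha:
            return index_name, want_version
    raise ValueError(f"{name}=={want_version}: no candidate matches the locked hash")


if __name__ == "__main__":
    indexes = {"private": PRIVATE_INDEX, "public": PUBLIC_INDEX}
    print("highest-version resolver picks:", resolve_highest("ml-internal-utils", indexes))
    lock = make_lock("ml-internal-utils", "1.4.0", b"legitimate internal build")
    print("hash-pinned resolver picks:", resolve_pinned("ml-internal-utils", indexes, lock))
```

The second resolver also rejects the case where an attacker publishes the *same* version number on the public index: the bytes differ, so the digest does not match and that candidate is skipped. In practice the equivalent controls are a lockfile with hashes installed under `pip install --require-hashes`, and pointing `--index-url` at a single private proxy that mirrors public packages rather than adding the public index with `--extra-index-url`.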
Log4Shell remains a big threat and a common cause for security breaches
Log4Shell is likely to remain a favored vulnerability to exploit as organizations lack visibility into their software supply chains.
MTTR “not a viable metric” for complex software system reliability and security
Verica Open Incident Database Report suggests mean time to resolve should be retired and replaced with other metrics more appropriate for software systems and networks.
How Cisco keeps its APIs secure throughout the software development process
Cisco’s API-for-an-API project unifies API security tools and weaves security through all stages of the software process.
GitHub releases new SDLC security features including private vulnerability reporting
GitHub also announces CodeQL support for Ruby programming language and coverage/risk overviews to help users secure the software development lifecycle.
Rezilion expands SBOM to support Windows environments
Organizations can now apply Rezilion’s SBOM to Windows environments to manage software vulnerabilities and meet regulatory standards.
Qualys previews TotalCloud FlexScan for multicloud security management
Agentless security management system aims to simplify vulnerability management for security teams and developers in cloud and hybrid cloud environments.
Azul detects Java vulnerabilities in production apps
Azul Vulnerability Detection promises to eliminate false positives without impacting performance, by drawing on monitoring and detection capabilities inside the Azul JVM.
The OSPO – the front line for secure open-source software supply chain governance
An open-source program office (OSPO) can act as both gatekeeper and evangelist in an organization’s struggle to ensure ubiquitous open-source components – incredibly useful but vulnerable to bad actors and misuse – are deployed safely...
Supply chain attacks increased over 600% this year and companies are falling behind
Most companies believe they are using no open-source software libraries with known vulnerabilities, but new research finds them in 68% of selected enterprise applications.
GitGuardian adds IaC scanning to code security platform to protect SDLC
Vendor says new infrastructure-as-code (IaC) scanning features will help teams develop and run secure code as software development and supply chain security continues to be high on the agenda.
Enterprises embrace devsecops practices against supply chain attacks
Healthy developer-team culture and adherence to devsecops best practices to protect against supply chain attacks are surprisingly commonplace in today’s security environment, according to a report from Google Cloud's DORA research...
Palo Alto adds software composition analysis to Prisma Cloud to boost open-source security
Palo Alto Networks has added a new SCA solution to Prisma Cloud to help developers safely use open-source software components. The vendor has also introduced a software bill of materials.