If your organization does software development in-house, there are a myriad of development workflows and processes to choose from. Some organizations still implement old-school waterfall development workflows; some are agile shops. In terms of process, some have adopted DevOps, and some integrate security testing into...
DevOps started in 2009 and over a decade later we are still stuck in the DEVops phase. Will 2020 be the year of true DevOps, and will 2021 be the year of DevSecOps?
DevOps is a cultural change made possible by a series of tools that automate code development. It's supposed to be the next step of evolution, unifying...
Digital transformation to the cloud has resulted in increased dependency on third-party vendors to manage security tasks. This means managing the security risks involved is becoming a bigger challenge. Many organizations still have a long way to go in strengthening governance when it comes to vendor management as they...
The DevSecOps community has rapidly expanded in the past handful of years, while pursuing security practices that run within high velocity, collaborative, and integrated environments. This survey serves to help identify the challenges, successes, and adaptations that many organizations work through.
Download this...
Large or small, enterprises from all sectors are dealing with the same vulnerabilities in open source code. The difference: the scale of the problem. DJ Schleen of Sonatype discusses insights from the latest ISMG roundtable dinner.
As part of a multi-city tour, ISMG and Sonatype visited Atlanta recently for an engaging discussion on how to mitigate risks introduced by open source code. Here's a conversation with DevOps advocate Derek Weeks.
How can organizations overcome resistance to implementing DevSecOps? Johnathan Nicholson, former CISO at Interac, the Canadian interbank network, provides insights.
Code reuse kills - software quality, that is, according to a new study of C++ code snippets shared on Stack Overflow that were reused in more than 2,800 GitHub projects. But there's help for organizations that want to support their developers' urge to cut and paste prewritten code snippets.
Moving your network to the cloud offers many security benefits, cost savings and business agility. However, understanding risks within cloud networks can be a major challenge for security teams too often on the sidelines of cloud deployments and devops processes.
In this webinar, Skybox® Security Threat...
Moving your network to the cloud offers many security benefits, cost savings and business agility. However, understanding risks within cloud networks can be a major challenge for security teams too often on the sidelines of cloud deployments and devops processes.
In this webinar, Skybox® Security Threat...
DevOps is a cultural movement that was started in order to remove silos and enhance how teams collaborate and the role people, process and tech plays in this space. But now we are in the era of DevSecOps, which inserts cybersecurity smack in the middle of this culture - and natural tensions emerge. In this exclusive...
Some security experts have prophesied the demise of traditional Intrusion Detection and Prevention Systems (IDPS) for almost 20 years, but this cornerstone of network security continues to soldier on. While next-generation firewalls have added IDPS functionality, they are driven more by policies than true threat...
Since at least 2016, hacked websites have targeted zero-day flaws in current versions of Apple iOS to surreptitiously implant data-stealing and location-tracking malware, says Google's Project Zero team. Apple patched the latest vulnerabilities in February.
Security operations (SecOps) and network teams (NetOps) have traditionally acted separately, but increasing IT complexity and scale means that aligning these two groups is a critical step towards delivering a fast and secure user experience.
A recent global SANS Institute survey found that only 30 percent of SecOps...
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.
