DevSecOps

Securing open-source code supply chains may help prevent the next big cyberattack
The headline-making supply chain attack on SolarWinds late last year sent a shock wave through the security community and had many CISOs and security leaders asking: “Is my …

What is challenging secure application development?
A Censuswide report reveals the biggest security challenges that application security (AppSec) managers and software developers are facing within their organizations in …

Software development: Why security and constant vigilance are everyone’s responsibilities
An report from May 2021 has found that 81% of developers admit to knowingly releasing vulnerable apps, and 76% experienced pressure to sacrifice mobile security for …

The relationship between development and security teams affects speed to market
VMware announced findings from a study on the relationship between IT, security, and development teams as organizations adopt a zero trust security model. The study found that …

What is DataSecOps and why it matters
In this Help Net Security podcast, Ben Herzberg, Chief Scientist at Satori, explains what DataSecOps is, and illustrates its significance. Here’s a transcript of the podcast …

Application security approaches broken by rising adoption of cloud-native architectures
The rising adoption of cloud-native architectures, DevOps, and agile methodologies has broken traditional approaches to application security, a survey of 700 CISOs by Coleman …

A leadership guide for mitigating security risks with low code platforms
The low code market continues to grow, increasingly finding adoption for more diverse and serious applications among enterprises and independent software vendors (ISVs). The …

The state of AppSec and the journey to DevSecOps
While the perceived benefits of DevSecOps to both security and DevOps are high, much progress must be made in defining a repeatable and consistent governance model for true …

DevOps didn’t kill WAF, because WAF will never truly die
The web application firewall (WAF) is dead, they say, and DevOps is the culprit, found over the body in the server room with a blade in its hand and splattered code on its …

Infrastructure drift: A multidimensional problem with the need for new DevSecOps tools
As modern infrastructures get more complex everyday, DevOps teams have a hard time tracking infrastructure drift. The multiplicity of factors involved when running …

Digital business requires a security-first mindset
Security is an undeniable necessity for the survival and success of any company. COVID-19 accelerated digital transformation initiatives across all industries and this shift …

The influence of the Agile Manifesto, 20 years on
On 11th February 2001, many software delivery thought leaders came together in Snowbird, Utah, to discuss how to create processes that can enable enterprises to continuously …
Featured news
Resources
Don't miss
- Federal Reserve System CISO on aligning cyber risk management with transparency, trust
- How cybercriminals are weaponizing AI and what CISOs should do about it
- How analyzing 700,000 security incidents helped our understanding of Living Off the Land tactics
- CitrixBleed 2 might be actively exploited (CVE-2025-5777)
- RIFT: New open-source tool from Microsoft helps analyze Rust malware