DevSecOps

How to implement security into software design from the get-go
Software professionals know that the working relationship between developers and security teams can be complicated. Most security professionals feel it’s part of a …

Putting the “sec” in DevSecOps: An overall reduction of risk
In this Help Net Security interview, Cindy Blake, Senior Security Evangelist at GitLab, talks about the importance of integrating security in DevSecOps and how to overcome the …

Securing open-source code supply chains may help prevent the next big cyberattack
The headline-making supply chain attack on SolarWinds late last year sent a shock wave through the security community and had many CISOs and security leaders asking: “Is my …

What is challenging secure application development?
A Censuswide report reveals the biggest security challenges that application security (AppSec) managers and software developers are facing within their organizations in …

Software development: Why security and constant vigilance are everyone’s responsibilities
An report from May 2021 has found that 81% of developers admit to knowingly releasing vulnerable apps, and 76% experienced pressure to sacrifice mobile security for …

The relationship between development and security teams affects speed to market
VMware announced findings from a study on the relationship between IT, security, and development teams as organizations adopt a zero trust security model. The study found that …

What is DataSecOps and why it matters
In this Help Net Security podcast, Ben Herzberg, Chief Scientist at Satori, explains what DataSecOps is, and illustrates its significance. Here’s a transcript of the podcast …

Application security approaches broken by rising adoption of cloud-native architectures
The rising adoption of cloud-native architectures, DevOps, and agile methodologies has broken traditional approaches to application security, a survey of 700 CISOs by Coleman …

A leadership guide for mitigating security risks with low code platforms
The low code market continues to grow, increasingly finding adoption for more diverse and serious applications among enterprises and independent software vendors (ISVs). The …

The state of AppSec and the journey to DevSecOps
While the perceived benefits of DevSecOps to both security and DevOps are high, much progress must be made in defining a repeatable and consistent governance model for true …

DevOps didn’t kill WAF, because WAF will never truly die
The web application firewall (WAF) is dead, they say, and DevOps is the culprit, found over the body in the server room with a blade in its hand and splattered code on its …

Infrastructure drift: A multidimensional problem with the need for new DevSecOps tools
As modern infrastructures get more complex everyday, DevOps teams have a hard time tracking infrastructure drift. The multiplicity of factors involved when running …