Collaborate Disseminate
An report from May 2021 has found that 81% of developers admit to knowingly releasing vulnerable apps, and 76% experienced pressure to sacrifice mobile security for expediency. What needs to change so we can break out of this cycle and where does it ne… Continue reading Software development: Why security and constant vigilance are everyone’s responsibilities
There are many ways to do DevSecOps, and each organization — each security team, even — uses a different approach. Questions such as how many environments you have and the frequency of deployment of those environments are important in unde… Continue reading DevSecOps Scanning Challenges & Tips
Developers want to write good code. Secure code. Tools that optimize developer workflows for handling security issues can take a large burden off security practitioners and make triaging, understanding, prioritizing, and resolving vulnerabilities much… Continue reading The Power of Developer-First Security
Engineering and cybersecurity are two distinct disciplines, each demanding its own rigorous education and training. But should there be crossover? Should engineers or engineering students invest in cybersecurity education as well? What are the opportunities for engineers to gain expertise in protecting against threat actors in the software realm? As the world becomes more complex […]
The post The Case for Cybersecurity Education for Engineers appeared first on Security Intelligence.
Continue reading The Case for Cybersecurity Education for Engineers
VMware announced findings from a study on the relationship between IT, security, and development teams as organizations adopt a zero trust security model. The study found that security is still perceived as a barrier in organizations, with 52% of devel… Continue reading The relationship between development and security teams affects speed to market
Digital security incidents involving operational technology (OT) can have big impacts on the physical world. Why are these OT security incidents happening? A lack of understanding of how the different elements of DevSecOps fit together can contribute. This also shows the importance of crossover between engineering and cybersecurity. In March 2021, for instance, Fortinet found […]
The post DevSecOps: How Engineers Benefit From Cybersecurity Education appeared first on Security Intelligence.
Continue reading DevSecOps: How Engineers Benefit From Cybersecurity Education
Many companies today automate their software development life cycle with continuous integration and continuous delivery (CI/CD). It’s part of the broader DevOps movement to speed software development while reducing errors. Continuous integration builds and tests code automatically, while continuous delivery automates the entire software release process up to production. In order to secure it, industry […]
The post How DevSecOps Can Secure Your CI/CD Pipeline appeared first on Security Intelligence.
Continue reading How DevSecOps Can Secure Your CI/CD Pipeline
It’s similar to your home’s security.
SCA stands for Software Composition Analysis, although, this could be more confusing than the acronym.
One hint is in the word composition which can be defined as “the nature of something’s ingredients or component… Continue reading What is SCA security?
In this Help Net Security podcast, Ben Herzberg, Chief Scientist at Satori, explains what DataSecOps is, and illustrates its significance. Here’s a transcript of the podcast for your convenience. Hi, I’m Ben Herzberg, Chief Scientist at Satori. I… Continue reading What is DataSecOps and why it matters
We are just halfway through 2021, and have already seen an exceptional increase in open source malware and novel supply chain attacks. And, they seem to just keep coming.
The post What Constitutes a Software Supply Chain Attack? appeared first … Continue reading What Constitutes a Software Supply Chain Attack?