Collaborate Disseminate
This Spring, the National Institute of Standards and Technology (NIST), released updated recommendations (.pdf) to improve software resilience against vulnerabilities. This builds on an earlier, four-part framework released last year.
As the depar… Continue reading NIST: Adopt a Secure Software Development Framework (SSDF) to Mitigate Risk of Software Vulnerabilities
In my last post, Jenkins X — Managing Jenkins, I talked about how we manage our Jenkins server. This time around, I’ll be looking at the Nexus server and how it too can be similarly managed.
Current Status
Jenkins X comes with an optio… Continue reading Managing Nexus API Using Jenkins X
In the last few years, we’ve continuously been hearing that we should automate, automate, automate. So it might be weird to hear that manual verification still matters. Jeroen Willemsen explains to us why we still need to perform manual chec… Continue reading Why Manual Verification Still Matters
“Equality is not a women’s issue, it’s a business issue.” — International Women’s Day website
International Women’s Day began in America in 1911; today, millions of people around the globe mark March 8 as a day of action t… Continue reading “Each for Equal”: 2020 International Women’s Day Theme Resonates in DevSecOps Because It Is a Business Issue
If you’ve been immersed in the Node.js/JavaScript community for awhile, or even if you are just getting started, you are likely using npm audit to scan package dependencies in your projects. It’s easy to stumble upon as part of the ubiquitous npm,… Continue reading Beyond npm Audit to Traverse an Increasingly Complex Dependency Tree
Sonatype is a distributed workforce. Most of us work remotely, and we are hiring. But before you apply, do you know what it means to work on such a team?
The post For Distributed Teams, It’s Not All About the Tools appeared first on Security Boule… Continue reading For Distributed Teams, It’s Not All About the Tools
Gartner’s recent report Technology Insight for Software Composition Analysis, makes four open-source security recommendations that companies should think about when determining what type of software composition analysis program they want to … Continue reading Gartner: You Must Assess Overall Software Health and Welfare
Shortly after watching the documentary, Code Rush, I met with Tara Hernandez, the hockey stick carrying lead of the Netscape project that was being documented.
The post Tara Hernandez Talks Code Rush, Google, DevOps appeared first on Security Boul… Continue reading Tara Hernandez Talks Code Rush, Google, DevOps
Last week, reports, like this one from Dark Reading, surfaced a remotely exploitable bug found in Facebook’s popular WhatsApp chat app, that spies on users and specifically targeted human rights groups. Facebook patched the flaw last week in… Continue reading What Developers Need to Know About WhatsApp’s Recent Security Dilemma
The month of October is dedicated to intimate gatherings of DevSecOps professionals, thought leaders, and decision makers in cities across North America and Europe.
Participants tell us that these forums and roundtables foster dynamic, collaborati… Continue reading Sonatype Hosts Global Gatherings of DevSecOps Leaders and Innovators