Nexus Innovator: Ken D’Auria of The Hartford

“DevSecOps: It works in theory… but does it work in practice?” — Anonymous
DevSecOps is such a new and evolving practice that it is helpful to hear from someone who can articulate, “Yes. DevSecOps works in theory, and in p…

Kill the Restructure, Says Dr. Cherry Vu and Rob England [VIDEO]

Editor’s Note: The chapter “Kill the Restructure” is included in Epic Failures in DevSecOps, Volume 2, which is available for free download.

We see too many enterprises assuming one of the first steps of DevOps is a reorganization. DevOps isn’t…

Beyond npm Audit to Traverse an Increasingly Complex Dependency Tree

If you’ve been immersed in the Node.js/JavaScript community for a while, or even if you are just getting started, you are likely using npm audit to scan package dependencies in your projects. It’s easy to stumble upon as part of the ubiquitous npm,…
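npm audit tells you that a vulnerable package is installed; it does not show which of your direct dependencies dragged it in, which is what you need before deciding between an upgrade, an override, or a replacement. The following is an added example, not code from the original post or from npm itself: it walks the "packages" map of a package-lock.json (lockfileVersion 2 or 3) using the same nearest-node_modules lookup Node uses at runtime, and reports every chain from the root to a named package. The lockfile, the package names and the "fixed in" version are constructed for the demonstration.

```javascript
// Added example, not code from the original post or from npm: walk a
// package-lock.json (lockfileVersion 2 or 3) and report every dependency chain
// that reaches a given package, so a finding from `npm audit` can be traced to
// the direct dependency that pulled it in.

// Constructed sample lockfile (not a real project). Two copies of "str-util"
// are installed: 3.1.4 hoisted at the top level (via web-lib) and 4.0.2 nested
// under dev-tool, which is how npm handles conflicting version ranges.
const SAMPLE_LOCK = {
  name: "demo-app",
  lockfileVersion: 2,
  packages: {
    "": {
      name: "demo-app",
      dependencies: { "web-lib": "^1.0.0" },
      devDependencies: { "dev-tool": "^2.0.0" },
    },
    "node_modules/web-lib": { version: "1.2.0", dependencies: { "str-util": "^3.0.0" } },
    "node_modules/str-util": { version: "3.1.4" },
    "node_modules/dev-tool": { version: "2.0.1", dev: true, dependencies: { "str-util": "^4.0.0" } },
    "node_modules/dev-tool/node_modules/str-util": { version: "4.0.2", dev: true },
  },
};

// Package name from a lockfile key; handles scoped names ("node_modules/@s/x").
function packageName(key) {
  const i = key.lastIndexOf("node_modules/");
  return i === -1 ? key : key.slice(i + "node_modules/".length);
}

// Mirror Node's resolution: look for the dependency in the nearest enclosing
// node_modules directory, walking up to the project root.
function resolveDep(packages, fromKey, depName) {
  let base = fromKey;
  for (;;) {
    const candidate = base === "" ? `node_modules/${depName}` : `${base}/node_modules/${depName}`;
    if (packages[candidate]) return candidate;
    if (base === "") return null; // not installed (e.g. an optional dependency that was skipped)
    const up = base.lastIndexOf("/node_modules/");
    base = up === -1 ? "" : base.slice(0, up);
  }
}

// Depth-first walk from the root; returns one record per chain that ends at
// a package named `target`. `seen` is per-path, so dependency cycles terminate.
function findChains(lock, target) {
  const packages = lock.packages || {};
  const chains = [];
  function visit(key, trail, seen) {
    const entry = packages[key];
    if (!entry) return;
    const isRoot = key === "";
    const name = isRoot ? entry.name || "(root)" : packageName(key);
    const label = isRoot ? name : `${name}@${entry.version}`;
    const chain = trail.concat(label);
    if (!isRoot && name === target) {
      chains.push({ chain, version: entry.version, dev: Boolean(entry.dev) });
    }
    // devDependencies are only installed for the root package.
    const deps = Object.assign({}, entry.dependencies, entry.optionalDependencies,
      isRoot ? entry.devDependencies : {});
    for (const dep of Object.keys(deps)) {
      const next = resolveDep(packages, key, dep);
      if (next === null || seen.has(next)) continue;
      visit(next, chain, new Set(seen).add(next));
    }
  }
  visit("", [], new Set([""]));
  return chains;
}

// Numeric dotted-version comparison (enough for "x.y.z"; prerelease tags are ignored).
function versionLt(a, b) {
  const pa = a.split(".").map(n => parseInt(n, 10) || 0);
  const pb = b.split(".").map(n => parseInt(n, 10) || 0);
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const x = pa[i] || 0, y = pb[i] || 0;
    if (x !== y) return x < y;
  }
  return false;
}

// Chains whose installed copy of `target` is older than `fixedIn`: those are
// the ones an advisory actually applies to; the rest are already patched.
function vulnerableChains(lock, target, fixedIn) {
  return findChains(lock, target).filter(c => versionLt(c.version, fixedIn));
}

// Usage: print only the chains whose str-util is still below the (assumed) fix version 4.0.0.
for (const c of vulnerableChains(SAMPLE_LOCK, "str-util", "4.0.0")) {
  console.log(`${c.dev ? "[dev] " : ""}${c.chain.join(" > ")}`);
}
```

With the constructed lockfile the walk finds two routes to str-util, but only the hoisted 3.1.4 copy (reached through web-lib) is below the assumed fix version; the 4.0.2 copy nested under dev-tool is already patched and is also dev-only, so it never ships. Run against a real lockfile, swap SAMPLE_LOCK for JSON.parse of the file and take the package name and fixed version from the advisory npm audit reports.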

Four Common Security Acronyms Explained

Editor’s Note: This is the first in a series of posts about the 2020 DevSecOps Reference Architecture developed by DJ Schleen. In this series DJ explains various parts of the pipeline architecture.
I just released an updated version of the D…

Eliza May Austin Asks Us to Question Everything [VIDEO]

Editor’s Note: The chapter “Question Everything” is included in Epic Failures in DevSecOps, Volume 2, which is available for free download.

In the early days of DevOps there was a saying: ‘I wouldn’t want my life support system developed b…

Gartner: You Must Assess Overall Software Health and Welfare

Gartner’s recent report, Technology Insight for Software Composition Analysis, makes four open-source security recommendations that companies should think about when determining what type of software composition analysis program they want to …

The “Big Hack” That Actually Happened – Chinese Military Implicated in Equifax Breach

In October 2018, Bloomberg published an article titled “The Big Hack: How China Used a Tiny Chip to Infiltrate U.S. Companies,” that sent shockwaves around the world. The implication – Chinese spies infiltrated nearly 30 U.S. companies…

How to Publish Java Artifacts to Nexus Using Jenkins and Maven

In this article we are going to explore how you can publish your Java artifacts (.ear, .jar, .war) to Nexus 3 using Jenkins and Maven.
For this I have created a docker compose file which comes with Nexus and Jenkins. Let’s take into considerations…

Three DevSecOps Lessons Drawn from Conversations with 45 CISOs

Recently, I moderated round table discussions between dozens of CISOs at Evanta CISO Summits in Chicago and Atlanta. My colleague, Michelle Dufty, moderated a similar event in San Francisco.

Nexus Innovator: David Radford-Grant of Achievers

Everyone knows that when the boss is happy, you’re happy.
David Radford-Grant knows more about this than the average person, and for good reason. He is someone with a unique view into employee moods and behavior. That’s because, a…