What Constitutes a Software Supply Chain Attack?

We are just halfway through 2021, and have already seen an exceptional increase in open source malware and novel supply chain attacks. And they seem to just keep coming.
The post What Constitutes a Software Supply Chain Attack? appeared first …

How to Better Navigate the World of DevSecOps with Sonatype and Saltworks Security

Recently we partnered with Orasi Software and Saltworks Security to discuss how organizations are using open source software. Saltworks’ Founder and CEO, Dennis Hurst, and Sonatype’s VP of Solutions Architecture, Maury Cupitt, sat down t…

Getting Your Security Program to Shift Left: Operationalizing Security Controls via DevSecOps

DevSecOps is a hot topic. It’s touted as a utopia where automation saves time and money while cutting risk and reducing dependencies. In reality, without effective oversight, DevSecOps leaves orphaned technologies, unmaintained repositories …

Ryan Lockard Names the Seven Deadly Sins of DevSecOps [VIDEO]

Editor’s Note: Ryan’s story is included in “Epic Failures in DevSecOps, Volume 2”, available for free download.

“It is said in Roman Catholicism that each of the seven deadly sins is uniquely bad. Any time one of these sins is committed, we must…

Sladjana Jovanovic and Bill McArthur Move Silos to Communities [VIDEO]

Editor’s Note: The chapter, “From Silos to Communities” is included in Epic Failures in DevSecOps, Volume 2, which is available for free download.

“What Bill didn’t talk about was that this pod was technically improving the platform in a wa…

Why Manual Verification Still Matters

In the last few years, we’ve continuously been hearing that we should automate, automate, automate. So it might be weird to hear that manual verification still matters. Jeroen Willemsen explains to us why we still need to perform manual chec…

For Distributed Teams, It’s Not All About the Tools

Sonatype is a distributed workforce. Most of us work remotely, and we are hiring. But before you apply, do you know what it means to work on such a team?
The post For Distributed Teams, It’s Not All About the Tools appeared first on Security Boule…

What Does the New CVSS 3.1 Scoring Model Mean for Enterprise Security?

With thousands of security vulnerabilities reported each month in products ranging from hardware devices to firmware to popular software apps, how does one prioritise what needs the most attention? From a business and project management perspectiv…

Get the Latest DevSecOps Reference Architecture

Since releasing the DevSecOps Reference Architecture last year I’ve received a ton of feedback from the community. I took the feedback and spent some time over the past several months to update the architecture to roll in some of the suggestions. …

Three DevSecOps Lessons Drawn from Conversations with 45 CISOs

Recently, I moderated round table discussions between dozens of CISOs at Evanta CISO Summits in Chicago and Atlanta. My colleague, Michelle Dufty, moderated a similar event in San Francisco.
The post Three DevSecOps Lessons Drawn from Conversation…