Advancing Application Delivery

Are you in an organization implementing Continuous Delivery? Are you a manager who wants to see your applications respond at the pace of the market – or better, be in front of the market? Do you envision a world where updates are available to cust…

New Micro Focus, Sonatype Partnership Provides 360 Degree View of AppSec

In today’s world, we know that most security breaches occur because of application vulnerabilities. We also know that most typical software applications are, on average, comprised of 85% open source software. These facts are changing the way…

The Three R’s of Software Supply Chains: Reject, Replace, and Respond

A great article from 2016 came up in a recent conversation. This article has come up a few times in my conversations about DevSecOps since it was first published. Justin Smith’s The Three R’s of Enterprise Security: Rotate, Repave, and…

Security Should Stop Being a Drag

About a year ago during my talk at the Nexus User Conference, and during a Virtual Session for RSA Conference APJ, I mentioned that a pipeline shouldn’t fail just because a security vulnerability was detected by scanning tools. That statemen…

Take This Interactive DevSecOps Reference Architecture For a Test Drive

How do you get started with DevSecOps?
There is so much to consider — people, processes, tools, and measurement. To help plan and build a DevSecOps practice we’ve offered 40 reference architecture examples. Now, we introduce an interactive …

Continuous Authorization with DevSecOps

Software development within the federal government often begins with an alignment to the Authorizations to Operate (ATO) and related, required security processes. Sometimes, these are an impediment to DevSecOps. So how can teams implement sound De…

Security Organizations Need to Start Thinking Like Developers

Many years ago when I was studying architecture a professor once told the class that, as architects, if we designed a space that a contractor couldn’t fit a hammer into, our best designs would never be built. We needed to understand how our …

Free Software, But No Free Lunch

“This is a very important issue. Enterprises are not taking necessary precautions,” our SVP of Strategy and Corporate Development, Bill Karpovich, noted when talking about Fortune 100 cybersecurity.

PyPi ‘Cheese Shop’ Malware Illustrates Software Supply Chain Risk Vector

Recent malware installed in PyPI underscores the need for code verification at the code repository level to defend the software supply chain.