Kevin Bocek discussed security with us, including the impact of a successful software supply chain attack, what security best practices we should all follow, and the difference between human and machine identity. Kevin shares his knowledge from over 16 years of experience in IT security.
Securing sensitive data (called “secrets”) — such as passwords, machine credentials, and API keys — is not always simple to manage manually, especially at an enterprise scale. This article explores the importance of secrets management, and how Puppet and HashiCorp Vault adds an extra layer of protection as you continue to build out your cybersecurity strategy.
Contrast Security announced Contrast Scan, a new tool that will help teams improve team’s security by quickly finding and identifying vulnerabilities and insecure code. We spoke with Steve Wilson, Chief Product Officer at Contrast Security about the release and security best practices.
Before 2011, certificate lifespans ran as long as a decade. In 2012, they were shortened to five years. In 2015, that became three years and in 2018, two years. As of September 2020, that became just one year. Certificate lifespans are likely to get even shorter down the line.
It’s been three years since the GDPR was enforced. Compliance with the EU data privacy regulation remains an ongoing challenge for organisations as do raising cyber security expectations and threats. Industry experts in the technology and software space share their reflections.
As digital transformation efforts advance and cloud-native becomes more popular, the role of application security within cloud-native architectures needs to become a priority. So, when looking at how to best secure these complex, cloud-native applications, where should development teams start?
We spoke with Veselin Pizurica, CTO and co-founder of Waylay about the serverless paradigm. What concerns do enterprises have regarding serverless adoption and security issues, how can they achieve monitoring and observability of serverless applications, and how will the world of serverless evolve?
The difficulties with handling secrets and access details can lead to three major issues for developers: leaks and breaches, secret sprawl, and unproductiveness. This article takes a look at each of these issues and how you can block attacks on your processes and personal workstations.
We spoke with Jyoti Bansal, CEO of Traceable and Harness, Brian Fox, CTO and Cofounder of Sonatype, and Jeff Hudson, CEO of Venafi about the SolarWinds hack and cybersecurity. Learn about the security behind a software bill of materials, and what developers can do to protect themselves from cyberattacks.
Through DevSecOps, the traditional security engagement turns into proactive security measures integrated within the software development life cycle (SDLC). Thanks to this evolved approach, both continuous integration (CI) and continuous delivery (CD) approaches facilitate continuous testing and evaluation of the software code all through the development process.
The future is passwordless – at least that is what current market developments speak for. Even better digital identities and available biometric technology facilitate secure access to online services without the need for cryptic strings. But there are several pitfalls on the way to a passwordless infrastructure. Guest author Al Lakhani shows what to avoid.
The world of cybersecurity is rapidly becoming an ML arms race, where security pros arm themselves with ML and AI-enhanced defensive tools, while the bad guys use the technology to amplify the threat they pose. See what open source machine learning project is helping hunt security flaws.
After one of the most tumultuous years in recent history, it’s necessary that we take the time to consider what data privacy means in the new context we find ourselves in. With more consumers relying on online services to do everything from their weekly shop to socializing, and more businesses migrating operations into the cloud to support working from home, it’s clear that the integrity of data is more important now than it ever has been.
End-to-end security has to be built in from the start when building, shipping and running containers, so that everyone taking advantage of the technology can benefit. By designing container security to work with developers in their natural workflows, everyone can safely derive value.
