Governments around the world are turning to contact tracing apps to combat the spread of Covid-19. However, privacy concerns are well known because they are shared with other types of apps that use a centralized data storage model.
Bolting on security as a phase in the DevOps process, or after, misses out on the bigger picture approach that security can provide across code, clouds and infrastructure. Instead, it is worth spending the time to build security into the development process.
Over the last two decades, the world has seen an increase in more sophisticated and more highly funded threat actors. Whereas lower-level threats attempt to breach security through sheer volume of attacks, these advanced actors are more persistent and methodical.
Security can no longer afford to be at the end of the DevOps process. It needs to be integrated into every step of both development and operations to eliminate vulnerabilities before the application is shipped. In essence, DevOps needs to evolve into DevSecOps.
When there is a security flaw in an Internet of Things system, thousands of devices can be vulnerable. We spoke to Christoph Engelbert who shared tips on how to secure IoT systems both on the hardware and the software side—and why it can be incredibly helpful to ask hacker groups for assistance.
The stakes are higher. Security must be the number one priority. Agile, MicroServices and DevOps are all disciplines that have worked hard to increase the rate at which software can adapt to changing business requirements. How do we bake security into the mix so we don’t end up adding it badly in a rush at the end? The answer is DevSecOps.
DevSecOps isn’t always about success. Senior IT Security Consultant at mgm security partners, Maximiliane Zirm shares the successes, mistakes, and lessons learned in the area of DevSecOps during a large project What’s the verdict: Just how practical is DevSecOps? Find out in this field report from DevOpsCon.
Over the course of its 20-year history, it is clear that Java’s success, and security, has developed due to its continual reinvention, adaptation, and evolution through the works of its community. This article will explore some key innovations and milestones in Java’s history, and explain how they connect with its continued efforts to remain secure through its lifespan.
The Python Software Foundation members have been working on improving the Python Package Index (PyPI). In 2018, they announced that Facebook Research was funding security improvements, so let’s see how far they have come and what future plans they have.
Over the past thirty years, the shift from proprietary, to freemium, to open source software has changed decision-making within companies. Now, the bottom-up decision-making models are commonplace, but often security teams are left on the outside looking in. This article examines four use cases to empower developers with open source secrets management.
Is your organization prepared for security incidents? Dispatch has come to the rescue. The orchestration framework was developed by Netflix and recently released open source. It integrates with popular tools like Jira, Slack and GSuite to help you manage and keep track of incidents.
WordPress is the most widely-used content management system in the world, powering over 35% of all websites. However, many pre-existing WordPress sites have a number of security flaws. Find out how web developers can overhaul an existing WordPress site into tip-top shape and how to handle potential security concerns.
In this article, we’ll take a look at five principles that should be followed when coding in Java in 2020. Ideally, these principles should be integrated into a DevSecOps process, in which security is built into development from the ground up, but they are equally useful for auditing legacy code.
Secure Software Development Lifecycle (Secure SDLC) is a key focus area for product engineering organizations. Adopting security as a part of the development process to reduce the risk of vulnerabilities and threats, leads to reduced security incidents and damages. This article presents an uncomplicated view of Secure SDLC for practitioners – Engineering leaders, Product Managers, and Process Leads.
