The difficulties with handling secrets and access details can lead to three major issues for developers: leaks and breaches, secret sprawl, and unproductiveness. This article takes a look at each of these issues and how you can block attacks on your processes and personal workstations.
We spoke with Jyoti Bansal, CEO of Traceable and Harness; Brian Fox, CTO and Cofounder of Sonatype; and Jeff Hudson, CEO of Venafi, about the SolarWinds hack and cybersecurity. Learn about the security behind a software bill of materials, and what developers can do to protect themselves from cyberattacks.
Through DevSecOps, the traditional security engagement turns into proactive security measures integrated within the software development life cycle (SDLC). Thanks to this evolved approach, both continuous integration (CI) and continuous delivery (CD) approaches facilitate continuous testing and evaluation of the software code all through the development process.
The future is passwordless – at least that is what current market developments suggest. Even better digital identities and available biometric technology facilitate secure access to online services without the need for cryptic strings. But there are several pitfalls on the way to a passwordless infrastructure. Guest author Al Lakhani shows what to avoid.
The world of cybersecurity is rapidly becoming an ML arms race, where security pros arm themselves with ML and AI-enhanced defensive tools, while the bad guys use the technology to amplify the threat they pose. See which open source machine learning project is helping hunt security flaws.
After one of the most tumultuous years in recent history, it’s necessary that we take the time to consider what data privacy means in the new context we find ourselves in. With more consumers relying on online services to do everything from their weekly shop to socializing, and more businesses migrating operations into the cloud to support working from home, it’s clear that the integrity of data is more important now than it ever has been.
End-to-end security has to be built in from the start when building, shipping and running containers, so that everyone taking advantage of the technology can benefit. By designing container security to work with developers in their natural workflows, everyone can safely derive value.
Privacy is a human right. With blockchain technology, a true decentralized process governs actions such as uploading or deleting data, preventing the information from being controlled by specific entities and their opaque practices.
Governments around the world are turning to contact tracing apps to combat the spread of Covid-19. However, privacy concerns are well known because they are shared with other types of apps that use a centralized data storage model.
Bolting on security as a phase in the DevOps process, or after, misses out on the bigger picture approach that security can provide across code, clouds and infrastructure. Instead, it is worth spending the time to build security into the development process.
Over the last two decades, the world has seen an increase in more sophisticated and more highly funded threat actors. Whereas lower-level threats attempt to breach security through sheer volume of attacks, these advanced actors are more persistent and methodical.
Security can no longer afford to be at the end of the DevOps process. It needs to be integrated into every step of both development and operations to eliminate vulnerabilities before the application is shipped. In essence, DevOps needs to evolve into DevSecOps.
When there is a security flaw in an Internet of Things system, thousands of devices can be vulnerable. We spoke to Christoph Engelbert, who shared tips on how to secure IoT systems both on the hardware and the software side—and why it can be incredibly helpful to ask hacker groups for assistance.
The stakes are higher. Security must be the number one priority. Agile, microservices and DevOps are all disciplines that have worked hard to increase the rate at which software can adapt to changing business requirements. How do we bake security into the mix so we don’t end up adding it badly in a rush at the end? The answer is DevSecOps.