Over the past thirty years, the shift from proprietary, to freemium, to open source software has changed decision-making within companies. Now, the bottom-up decision-making models are commonplace, but often security teams are left on the outside looking in. This article examines four use cases to empower developers with open source secrets management.
Is your organization prepared for security incidents? Dispatch has come to the rescue. The orchestration framework was developed by Netflix and recently released open source. It integrates with popular tools like Jira, Slack and GSuite to help you manage and keep track of incidents.
WordPress is the most widely-used content management system in the world, powering over 35% of all websites. However, many pre-existing WordPress sites have a number of security flaws. Find out how web developers can overhaul an existing WordPress site into tip-top shape and how to handle potential security concerns.
In this article, we’ll take a look at five principles that should be followed when coding in Java in 2020. Ideally, these principles should be integrated into a DevSecOps process, in which security is built into development from the ground up, but they are equally useful for auditing legacy code.
Secure Software Development Lifecycle (Secure SDLC) is a key focus area for product engineering organizations. Adopting security as a part of the development process to reduce the risk of vulnerabilities and threats, leads to reduced security incidents and damages. This article presents an uncomplicated view of Secure SDLC for practitioners – Engineering leaders, Product Managers, and Process Leads.
Quantum computing might initially sound like a far-fetched futuristic idea, but companies such as Amazon, Google, and IBM are putting their weight behind it and preparations have begun. With quantum computing potentially within our reach, what will happen to our current security models and modern-day encryption? See what security experts are doing to prepare for quantum threats.
Where do you store your credentials and secrets? In .env files or in environment variables, or even worse, in config files? Are your primary AWS keys shared amongst developers? Do you still have SSH keys from former employees on your servers?
Keeping your data and identity secure is more important than ever in 2020, and as tech evolves, it has also become more complicated than ever. How will cybersecurity evolve? Phishing isn’t just limited to email anymore, and your car’s built-in tech might become the source of data theft. Keep yourself secure and learn about what security experts think is yet to come.
Cybersecurity doesn’t just apply to your personal devices, it also is one of the biggest roles in modern warfare and cannot be ignored. Cyberwarfare is far from a theoretical threat. History has shown that the value of gaining access to privileged information and disrupting systems for political gain is more than enough motive to generate action from independent hacktivists, nation-states, and private organizations.
The Internet was originally built without concerns for privacy, especially not the complicated security features required by today’s standards. It’s far too late to redesign the entire Internet, however, two blockchain projects offer potential security solutions. Blockchain’s capabilities of serving as a decentralized payment system could be the secret for the future of internet security.
Since DevSecOps is such a prominent topic as we move into 2020 that we decided to ask five experts their opinions on the subject of security roles being integrated into DevOps. In this second part of our panel series we ask three questions: Where are applications most vulnerable? What are the best security practices? What tools do they recommend? Here’s what they had to say.
Since DevSecOps is such a prominent topic as we move into 2020 that we decided to ask five experts their opinions on the subject of security roles being integrated into DevOps. In this first part of our panel series we ask two questions: What is DevSecOps? Where is it easy and where is it difficult to keep an eye on security? Here’s what our experts had to say.
Working with Terraform infrastructure-as-code can sometimes be a bit of a headache when it comes to tracking security misconfigurations and compliance violations, but now Fugue has open sourced their Regula tool to assist engineers with maintaining vigilance. Let’s take a closer look.
In order to keep up with consumer demands and increased market competition, businesses know that speedy deployment is crucial and is one of the key components of DevOps metrics. You have to keep releasing new, responsive updates. DevSecOps can help promote faster deployment times and enhance security.