DevSecOps isn’t always about success. Senior IT Security Consultant at mgm security partners, Maximiliane Zirm shares the successes, mistakes, and lessons learned in the area of DevSecOps during a large project What’s the verdict: Just how practical is DevSecOps? Find out in this field report from DevOpsCon.
Over the course of its 20-year history, it is clear that Java’s success, and security, has developed due to its continual reinvention, adaptation, and evolution through the works of its community. This article will explore some key innovations and milestones in Java’s history, and explain how they connect with its continued efforts to remain secure through its lifespan.
The Python Software Foundation members have been working on improving the Python Package Index (PyPI). In 2018, they announced that Facebook Research was funding security improvements, so let’s see how far they have come and what future plans they have.
Over the past thirty years, the shift from proprietary, to freemium, to open source software has changed decision-making within companies. Now, the bottom-up decision-making models are commonplace, but often security teams are left on the outside looking in. This article examines four use cases to empower developers with open source secrets management.
Is your organization prepared for security incidents? Dispatch has come to the rescue. The orchestration framework was developed by Netflix and recently released open source. It integrates with popular tools like Jira, Slack and GSuite to help you manage and keep track of incidents.
WordPress is the most widely-used content management system in the world, powering over 35% of all websites. However, many pre-existing WordPress sites have a number of security flaws. Find out how web developers can overhaul an existing WordPress site into tip-top shape and how to handle potential security concerns.
In this article, we’ll take a look at five principles that should be followed when coding in Java in 2020. Ideally, these principles should be integrated into a DevSecOps process, in which security is built into development from the ground up, but they are equally useful for auditing legacy code.
Secure Software Development Lifecycle (Secure SDLC) is a key focus area for product engineering organizations. Adopting security as a part of the development process to reduce the risk of vulnerabilities and threats, leads to reduced security incidents and damages. This article presents an uncomplicated view of Secure SDLC for practitioners – Engineering leaders, Product Managers, and Process Leads.
Quantum computing might initially sound like a far-fetched futuristic idea, but companies such as Amazon, Google, and IBM are putting their weight behind it and preparations have begun. With quantum computing potentially within our reach, what will happen to our current security models and modern-day encryption? See what security experts are doing to prepare for quantum threats.
Where do you store your credentials and secrets? In .env files or in environment variables, or even worse, in config files? Are your primary AWS keys shared amongst developers? Do you still have SSH keys from former employees on your servers?
Keeping your data and identity secure is more important than ever in 2020, and as tech evolves, it has also become more complicated than ever. How will cybersecurity evolve? Phishing isn’t just limited to email anymore, and your car’s built-in tech might become the source of data theft. Keep yourself secure and learn about what security experts think is yet to come.
Cybersecurity doesn’t just apply to your personal devices, it also is one of the biggest roles in modern warfare and cannot be ignored. Cyberwarfare is far from a theoretical threat. History has shown that the value of gaining access to privileged information and disrupting systems for political gain is more than enough motive to generate action from independent hacktivists, nation-states, and private organizations.
The Internet was originally built without concerns for privacy, especially not the complicated security features required by today’s standards. It’s far too late to redesign the entire Internet, however, two blockchain projects offer potential security solutions. Blockchain’s capabilities of serving as a decentralized payment system could be the secret for the future of internet security.
Since DevSecOps is such a prominent topic as we move into 2020 that we decided to ask five experts their opinions on the subject of security roles being integrated into DevOps. In this second part of our panel series we ask three questions: Where are applications most vulnerable? What are the best security practices? What tools do they recommend? Here’s what they had to say.