The Meltdown and Spectre story continues. Even though Amazon Web Services’ (AWS) response shows that they’ve already patched and protected their infrastructure, you still have work to do. AWS’ Shared Responsibility Model means that you are responsible for patching the operating system running on your EC2 instances, and this is where things get … complicated.
Meltdown and Spectre affect nearly everything that’s got a chip in it. But somehow single-board computers like the Raspberry Pi have managed to avoid this vulnerability. How?
What does the future of DevOps look like? We asked Mark Pundsack, Head of Product at GitLab about his predictions for 2018. Expect to hear lots about DevSecOps, Kubernetes, containers, and more.
Organizations in 2018 will have greater capabilities to decentralize information need, through both blockchain- and non-blockchain-based solutions. In this article, Joe Stuntz, Vice President of Cybersecurity at One World Identity (OWI) gives his digital privacy and security predictions.
Security is one of the core issues when creating a production environment. Particularly when using the Docker ecosystem in general and Docker Swarm in particular, the question arises of how to secure the development process. In his session at DevOpsCon 2017 in Berlin, Gianluca Arbezzano, software engineer at InfluxData, gives important tips on setting up a production environment, immutability, and security concepts for Docker.
Agile development is great for a lot of things. However, it’s important to remember security issues in the development process. In this article, Jessica Cyrus goes over the best ways to make sure security concerns are addressed properly in the Agile development process.
Security issues are no joke, but it’s hard to stay updated with everything. Constant vigilance is tiring, you know? Keep track of your potential vulnerabilities with GitHub’s dependency graphs and security alerts.
Open Source security lifecycle: It takes almost 3 years to publicly disclose library vulnerabilities
We’ve already dissected Snyk’s State of Software Security Report and we’ve pointed out that about 75% of application code is made up of open source components. What we still haven’t covered is the lifecycle of an open source security vulnerability and the steps that play an essential role in the overall state of security. Let’s proceed.
Open source is great. But when it can lead to more security vulnerabilities, how much is too much? And can DevOps save us all? We go over the 2017 State of Software Security Report and see how the industry is doing.
The Equifax hack that exposed nearly half of all Americans is going to happen again. It’s only a matter of time. And it’s all because developers are too busy to deal with pull requests.
How do we keep our code and ourselves safe? In this interview, Jeff Williams, co-founder and chief technology officer at Contrast Security explains why we have to reinvent security, why DevSecOps is so important, and how to avoid taking serious risks in applications.
Data breaches are a dime a dozen these days. Are hackers getting better? Not really. It turns out that bad coding practices lead to insecure code and glaring vulnerabilities. Who knew?
The cloud is one of the safest places to store your data. Even if business leaders find it more practical to store information locally, there are many reasons to leave the storage up to the cloud provider. The cloud, however, is not failsafe.
More and more companies are now choosing to migrate their services to the cloud. JAXenter editor Gabriela Motroc talked to Mitchell Hashimoto, founder of HashiCorp and DevOpsCon speaker, about why it’s safe now to move to the cloud and what precautionary measures should be taken before diving into the cloud.