Introducing code-signing provides security within the application, but teams should take care to understand and implement the process effectively. Digital certificate management, with hundreds or thousands of certificates required to support IT infrastructure, can easily lead to degradation of application integrity and unnecessary risk to the business. The cumbersome nature of siloed teams manually managing […]
2020 will be a year we all remember for so many reasons. It has been a year full of uncertainty and confusion, and also one in which misconceptions abound. In the world of software engineering, we feel this acutely as all eyes are on the engineering team to continue building innovative new products and solutions—maintaining the […]
The Open Source Security Foundation (OpenSSF), an arm of the Linux Foundation, is providing free security training for developers building and employing open source software starting later this week as part of an overall effort to advance best DevSecOps practices. Linux Foundation CTO Chris Aniszczyk said the Secure Software Development Fundamentals professional certificate program along with additional programs and […]
Harness, at its {Unscripted} 2020 conference today, announced its plans in the fourth quarter to make available as a beta a module that leverages machine learning algorithms to optimize build and test cycles on the Harness Continuous Integration (CI) Enterprise platform. At the same time, Harness is adding a beta of a Continuous Features module to enable DevOps teams […]
The assumption that large, established enterprises—from insurance companies to government agencies—can’t adopt Agile processes or DevOps is based on the falsehood that legacy technology stacks won’t allow for it; that existing traditional mainframe applications or legacy applications that large enterprises are built on are incapable of adapting to these approaches. Accelerated Strategies Group recently released […]
ZeroNorth has extended its namesake software-as-a-service (SaaS) platform for orchestrating DevSecOps toolchains to include integrations with Scout Suite, Aqua Trivy, GitLab and Bitbucket Server and the configuration management database (CMDB) from ServiceNow. The company is also adding application portfolio reports to surface the security policies applied to each application, scan results and progress of remediation work and […]
One of the most important shifts of the past few years in finance and banking was the movement from primarily branch-based banks to mobile-first banks. While these innovative products simplify the end user experience, they also bring up more security concerns, since digital channels expose a number of vulnerabilities. These apps deal with sensitive user […]
Continuous integration/continuous delivery, more commonly known as CI/CD, promises to help software companies become more agile by delivering software faster and more reliably. The goal of CI/CD is to reduce software development and delivery timelines from months or weeks down to days or even hours. It does this by pushing frequent updates and fixes regardless […]
DevOps is not only about software development and operations. To take full advantage of the flexibility of the DevOps approach, it is desirable for software developers to integrate IT security at every step of the software life cycle. That is, in essence, what DevSecOps is. Exploring Further – What is DevSecOps? DevSecOps works on the premise […]
DevSecOps has become one of the hottest buzzwords in the DevOps ecosystem over the past couple of years. In the abstract, it’s easy to understand what DevSecOps means and why people care about it: It’s a strategy that extends DevOps efficiencies to software security. But when you sit down and actually start implementing DevSecOps, things can get trickier. […]