Enterprises struggle with long-term exposure to security flaws

As the number of zero-day vulnerabilities continues to climb, enterprises are struggling to keep up with the long-term exposure to these security flaws. Recently, Rob Silvers, undersecretary for policy at the U.S. Department of Homeland Security and chair of its Cyber Safety Review Board, proclaimed that Log4j “is not over.” He noted that enterprises are … continue reading

Value stream management is all about continuous improvement

Value stream management has a terminology problem, since there are terms out there that sound the same but are actually different: value stream, value stream mapping, value stream management, and value management – which leaves many confused. “There’s nothing wrong with value stream management itself, but there’s plenty wrong with how it’s being considered and … continue reading

SAST, SCA & QA are the best tools to combat hackers’ smaller, more sophisticated attacks

As many organizations are bolstering up their security measures, hackers have shifted their focus to smaller and more concentrated attacks, according to Daniel Fonseca, senior solutions engineer at Kiuwan in the webinar “Preventing common vulnerabilities with Kiuwan’s SAST, SCA, and QA tools.” The National Vulnerability Database (NVD) said there were over 20,000 security vulnerabilities CVE … continue reading

Automated testing for mobile is a huge struggle

Organizations realize the importance of test automation but many struggle to make a move to automation on mobile.  The inception of mobile testing wasn’t as user-friendly for developers when compared to web testing, for example, and the difficulties still last today, according to Kobiton’s DevOps evangelist Shannon Lee, in the SD Times Live! webinar, “Creating … continue reading

AI-augmented testing is here to help

AI-augmented coding is here, and rather than taking over the role of a developer, it helps make developers lives’ easier and less tedious.  GitHub Copilot, which first launched as a technical preview last summer, is a popular example of AI-augmented coding. There’s also DeepMind’s Alphacode and Diffblue Cover, which is a unit testing solution for … continue reading

Software supply chain hygiene: The big picture

Organizations have been forced to learn the hard way over the past year the importance of software supply chain security.  In late 2021, a vulnerability was detected in Log4j, which is a framework for logging in Java that is used as a dependency in over 7,000 open-source projects. This was just one example of a … continue reading

Test management in an agile reality

Successful product testing today requires development teams to always keep in mind how each change is benefitting the business and how it is going to solve the customer’s problem.  This is according to Brijesh Deb, a test consultant at Infosys Netherlands, in the latest SD Times Live! exclusive webinar, “Test Management in an Agile Reality.” … continue reading

5 ways developers can use SCA to increase code output

Developers are always under pressure to increase code output, but without the proper controls and tooling in place, rushing through the development process can lead to problems down the road.  Things like static code analysis (SCA) tools offer a way to verify quality, security, and compliance without adding too much extra time to the process. … continue reading

DataOps engineers run toward error and automate it away

The DataOps role is unique in the space of data analytics, with its goal to enable data engineers, scientists, analysts and governance to own the pipelines that run the assembly process. Essentially, DataOps engineers work on, but not in, these pipelines, according to a DataKitchen webinar titled “A Day in the Life of a DataOps … continue reading

Placing security in the hands of developers

Developers today are faced with an ever-changing landscape. Their responsibilities continue to expand into areas like software QA, security, and governance. In an SD Times Live! webinar, Brian Fox, CTO of Sonatype and Steve Poole, developer advocate at Sonatype, discuss the ways in which security has become an essential part of a developers job. According … continue reading

A low-code approach to app protection

Developers today more than ever are facing the challenge of outside attackers infiltrating their apps. Whether the app is brought to life using experienced professional developers or low-code developers, in today’s digital zeitgeist, extra protection is always essential.  App security is an important aspect of the development process that can too often be overlooked by … continue reading

Take a data-first approach to modernization

Modernization is important in order for companies to keep up with evolving industry conditions, but some businesses may be modernizing at a faster pace than their software can keep up with.  In an SD Times Live! talk with CodeLogic, Eric Minick, DevOps evangelist at CodeLogic, and Brandon Tylke, chief software architect at CodeLogic, explained why … continue reading Protection Status