Topic: compliance
Guest View: How compliance fits into DevOps
As security and privacy grow in importance, regulatory compliance is becoming an increasing priority for most businesses. But let’s just say it: compliance audits are not fun. That’s especially true when it comes to engineering and development teams, who are tasked with gathering all of the relevant data – in other words, evidence – needed … continue reading
Environment-free computing company Gravitational rebrands as Teleport
Gravitational changed its name to Teleport and released the Teleport Unified Access Plane. “The decision to formally change our name to Teleport supports the natural evolution that our company has followed from the point it was founded – to create software for engineers that allows them to quickly access any resource anywhere,” said Ev Kontsevoy, … continue reading
IBM releases Code Risk Analyzer to shift security left
IBM has announced the Code Risk Analyzer, a focused effort to bring security and compliance analytics to DevSecOps. The Code Risk Analyzer can be configured to run at the beginning of a developer’s code pipeline and it reviews and analyzes Git repositories for known issues with any open-source code that needs to be managed. It … continue reading
Report: 73% of developers sacrifice security for speed
A majority of developers feel forced to sacrifice security for the speed that today’s development cycles require. A recent report from WhiteSource found 73% of security teams at organizations are forced to cut corners, and the AppSec tools they use are to check the box towards DevSecOps improvements and are not effectively used. “There are … continue reading
Datadog brings security, performance monitoring together with four product releases
Datadog today is revealing its vision for bringing security and performance monitoring into a single platform in the form of updates and new product features for its cloud infrastructure monitoring platform. At its virtual DASH conference this week, the company announced Error Tracking, Incident Management, Compliance Monitoring and Continuous Profiler, rounding out its platform to … continue reading
Governance, compliance and risk management does not have to be a lengthy, tedious process
Software development may be a faster process thanks to the rise of Agile, DevOps, and continuous delivery, but governance, risk and compliance (GRC) management are slowing things down. There are many manual and lengthy checks that go into GRC to make sure the software is secure, adheres to laws and regulations, and is on track … continue reading
premium Solving your data problem with customized software
Large legacy enterprises have a data problem. Decades of iterative infrastructure updates via relatively small investments have resulted in information silos scattered across different systems and in different formats. For example, a hospital may have patient records in one location and accounting data in another. All of this data is managed by different teams with … continue reading
ChefConf 2018 focuses on application-centric application release automation
Chef announced a number of new updates designed to bring businesses beyond infrastructure-centric configuration management. The company released Chef Automate 2.0, Chef Application Automation and Chef Compliance Automation at its annual conference ChefConf 2018 in Chicago today. “The race to modernize IT by deploying and managing new and legacy applications in multiple environments is greatly … continue reading
Parasoft launches MISRA Compliance Pack and ISO-26262 Qualification Kit to help organizations streamline the development of safe, secure, and reliable automotive software
Parasoft, the leader in automated software testing technologies, will feature their automotive software test automation solution this week at AV18. At the core of the solution is Parasoft C/C++test, a unified C and C++ development testing solution that helps organizations address software development best practices by providing automated testing tools that simplify unit testing, code … continue reading
AWS Greengrass, Fugue support for AWS GovCloud, and Shippable Server — SD Times news digest: June 8, 2017
Amazon Web Services (AWS) is making AWS Greengrass — a software which allows customers to run AWS compute, messaging, data caching, and sync capabilities on connected devices — available to all its customers. According to an AWS statement, AWS Greengrass “eliminates the complexity involved in programming and updating IoT devices by allowing customers to use … continue reading
The Linux Foundation and FSFE introduces new OSS resources
The open-source landscape can be tricky to navigate with the different projects, licenses, and compliance requirements. The Linux Foundation and Free Software Foundation Europe (FSFE) are announcing new resources to simplify free and open-source software license identification and compliance. “We must work more on helping those who want to be part of the free and … continue reading
Black Duck audit highlights risk of open-source security vulnerabilities
Black Duck, a company that serves up information about the latest security vulnerabilities on open source components, released its 2017 Open Source Security and Risk Analysis (OSSRA) today. The OSSRA revealed significant risks related to open-source vulnerabilities and license-compliance challenges, as well as high levels of risk in the retail and ecommerce industry. According to … continue reading
