DevSecOps is the DevOps community’s approach to bringing security into the development lifecycle. Businesses want to deliver software, but cannot afford to release unreliable or insecure applications— therefore security needs to be baked in much sooner than it has traditionally been.
DevSecOps shifts security ‘left’ to find and fix vulnerabilities earlier in the software development life cycle. It includes the benefits of DevOps such as developing, deploying and delivering new features at a rapid pace, but it also provides a more proactive approach to identifying and addressing bug in real time to bring security risks significantly down.
Just like DevOps, culture will remain a barrier to a successful DevSecOps solution. In addition to bringing the developers and operation teams together, now they need to figure out how to work with the security team towards the same goals and objectives. Bringing the security team in sooner will help them understand the code and work with the development team in a more productive manner.
As security continues to shift left and DevSecOps efforts expand, software security best practices are rapidly evolving. The State of Software Security Report conducted by the application security company Veracode, showed that on average, organizations are running scans on their apps 20 times more than they were just 10 years ago. With this, the report … continue reading
For a long time, security teams have been able to mostly rely on the safety of a security perimeter, but with things like IoT, embedded development, and now remote and hybrid work, this notion of a defensible perimeter is totally gone. Having all of these connected devices that don’t live under one network expands the … continue reading
The following is a listing of DevSecOps tool providers, along with a brief description of their offerings. Bridgecrew by Prisma Cloud automates security from code to cloud. By embedding earlier in the DevOps lifecycle, Bridgecrew enables developers to write secure code without slowing them down. In addition to its DevSecOps tools and integrations, Bridgecrew’s platform … continue reading
We asked these tool providers to share more information on how their solutions help companies with security in remote or hybrid settings. Their responses are below. Guy Eisenkot, VP of product and co-founder of Bridgecrew by Prisma Cloud As hybrid work environments and cloud infrastructure environments become the norm, organizations’ attack surfaces are only getting … continue reading
Amidst the “Shift Left and Extend Right” security trend, developers find themselves needing to implement more robust security practices into their processes. Idan Plotnik, co-founder and CEO of Apiiro, provider of an application risk management platform, discussed the ways in which developers can mitigate critical security risks in order to better protect themselves and their … continue reading
The various trends around software development: small team sizes, faster velocity and the styles of building software are here to stay and organizations will need a new way in which to train their developers. This is according to Pete Chestna, CISO of North America at Checkmarx, in the SD Times Live! on-demand webinar “Cloud Engineering … continue reading
Recent large-scale attacks on enterprise and infrastructure security have led the federal government and private businesses to rethink the way they manage security. Last month’s ransomware attack on the Colonial Pipeline shut down the main part of its network for five days, affecting fuel supplies across the United States. Additionally, an attack on SolarWinds infrastructure … continue reading
As organizations look towards DevSecOps as a way to infuse security throughout the software development life cycle while at the same time accelerating releases, more sides of the business have their hands on deck regarding security. However, it’s still the security side that’s on the hook when a major breach happens. “People like to say … continue reading
The COVID-19 pandemic has led teams to focus on embracing DevOps technologies such as Kubernetes, ML/AI and cloud computing, and as a result, 84% of developers say they’re releasing code faster than ever before. That was one of the key findings in GitLab’s fifth annual DevSecOps survey, which this February asked 4,300 DevOps team members … continue reading
Teller is an open-source productivity secret manager that aims to help developers with cloud-native apps and multiple cloud providers. The tool was built by developer-first cybersecurity company Spectral as a way to tackle the “last mile problem” of securing sensitive access and preventing data leaks. With Teller, developers never have to leave their terminal to … continue reading
IBM announced two new capabilities to help developers deliver intelligent application analysis throughout the DevOps pipeline. The first one is IBM Application Discovery and Delivery Intelligence (ADDI) for IBM Z V, which allows developers to accelerate application development by enabling them to gain insight into their business-critical application estate after which they can immediately get … continue reading
Qualcomm has announced it’s first augmented reality reference design. The new Qualcomm Snapdragon XR1 AR Smart Viewer Reference Design aims to reduce commercialization time for OEMs to deliver high-quality immersive experiences. According to the company, users get a 30% reduction in overall power consumption in the system, the 2D app framework provides a systems-level feature … continue reading