DevSecOps is the DevOps community’s approach to bringing security into the development lifecycle. Businesses want to deliver software, but cannot afford to release unreliable or insecure applications— therefore security needs to be baked in much sooner than it has traditionally been.
DevSecOps shifts security ‘left’ to find and fix vulnerabilities earlier in the software development life cycle. It includes the benefits of DevOps such as developing, deploying and delivering new features at a rapid pace, but it also provides a more proactive approach to identifying and addressing bug in real time to bring security risks significantly down.
Just like DevOps, culture will remain a barrier to a successful DevSecOps solution. In addition to bringing the developers and operation teams together, now they need to figure out how to work with the security team towards the same goals and objectives. Bringing the security team in sooner will help them understand the code and work with the development team in a more productive manner.
There’s been a lot of talk lately in security and development circles about the need to shift left in the software development lifecycle—and rightly so. By bringing security into the picture from the beginning, you can catch weak designs and bugs earlier, when they’re cheaper and easier to fix. So far, so good. But does … continue reading
Even with a stronger focus on security this year, most software is still riddled with security vulnerabilities. According to Veracode’s State of Software Security (SOSS) report, 87.5 percent of Java applications, 92 percent of C++ applications, and 85.7 percent of .NET application contain at least one vulnerability. In addition, over 13 percent of applications contain … continue reading
Following this week’s announcement of Android 9 Pie, Google is releasing a new Android SDK that offers more Kotlin features. According to the company, Android developers often run into problems with the Java programming language when accessing a null reference. Kotlin addresses this problem by providing nullable and non-nullable types in the type system, the … continue reading
Aqua Security enables enterprises to secure their container and cloud-native applications from development to production, accelerating application deployment and bridging the gap between DevOps and IT security. The Aqua Container Security Platform protects applications running on-premises or in the cloud, across a broad range of platform technologies, orchestrators and cloud providers. Aqua secures the entire … continue reading
Dror Davidoff, co-founder and CEO of Aqua Security Aqua Security enables enterprises to secure their container-based and cloud-native applications from development to production, accelerating container adoption and bridging the gap between DevOps and IT security. Images serve as a container’s foundation, and developers can easily pull them from a centralized registry to run containers in … continue reading
As teams are pressured to release software more rapidly, more and more aspects of software development are being forced to “shift left,” moving up earlier in the development lifecycle. Because of the speed in which code is updated and delivered, security can no longer be thought of as an afterthought, said Rani Osnat, VP of … continue reading
We are entering a new stage of app development. While, until now, requirements for architecture were left to the discretion of companies, developers and their target audiences, recent legal changes in the European Union and the United States have brought a new player to the table: regulations. Most notably, the EU’s General Data Protection Regulation … continue reading
JFrog has announced the latest release of its continuous security and universal artifact analysis solution. JFrog Xray 2.0 is designed to give DevOps teams insight into potential problems and the confidence to release into development, deployment and production stages. “Developers are incorporating an ever-growing number of artifacts from external and internal sources into their … continue reading
CA Technologies announced its acquisition of software composition analysis specialists SourceClear early this week with aims to incorporate SourceClear’s SaaS-based SCA tool and proprietary vulnerability database with their Veracode cloud platform. “We are excited about what this acquisition means for our customers in terms of increased support for SCA in DevSecOps environments and the ability … continue reading
At this point, the concept of DevOps should be familiar to everyone. But with the rise of cybersecurity attacks, organizations have seen the need to incorporate security into the mix. Thus, the idea of DevSecOps. Though the concept and practices were created with the best intentions, the number of cybersecurity attacks continues to rise, which … continue reading
From the WannaCry ransomware attack that resonated across the globe, to the massive Equifax breach and series of security mistakes that followed, 2017 saw a major uptick in cyberattacks, with no signs of slowing down. While each incident was unique, they all highlighted the complexity of applying security at scale. Wrangling the vast number of … continue reading
A DevSecOps strategy won’t work if developers haven’t bought into the movement. CA Veracode held a virtual summit on Assembling the Pieces of the DevSecOps Puzzle yesterday to talk about the importance of developer security training in a DevOps environment. According to Sonali Shah, VP of product management and marketing for CA Veracode, while the … continue reading