Topic: sdlc

NIST publishes new draft framework for integrating supply chain security into CI/CD pipelines

The National Institute of Standards and Technology (NIST) published a new draft document that outlines strategies for integrating software supply chain security measures into CI/CD pipelines.  Cloud-native applications typically use a microservices architecture with a centralized infrastructure like a service mesh. These applications are often developed using DevSecOps, which uses CI/CD pipelines to guide software … continue reading

Recent major infrastructure attacks have put cybersecurity at the forefront

Recent large-scale attacks on enterprise and infrastructure security have led the federal government and private businesses to rethink the way they manage security.  Last month’s ransomware attack on the Colonial Pipeline shut down the main part of its network for five days, affecting fuel supplies across the United States.  Additionally, an attack on SolarWinds infrastructure … continue reading

Security shifts left as a team effort

As organizations look towards DevSecOps as a way to infuse security throughout the software development life cycle while at the same time accelerating releases, more sides of the business have their hands on deck regarding security. However, it’s still the security side that’s on the hook when a major breach happens.  “People like to say … continue reading

AWS unveils new chaos engineering tool: Fault Injection Simulator

AWS is enabling teams to address application weaknesses with the introduction of the AWS Fault Injection Simulator at its virtual AWS re:Invent 2020 conference this week. The simulator is a chaos engineering tool expected to be generally available in 2021. According to the company, the new offering will come packed with pre-built templates for creating … continue reading

SD Times news digest: Fastly to acquire Signal Sciences, LDRA launches Secure Software Development Resource Centre, and Dynatrace announces observability for AWS

Fastly entered into a definitive agreement to acquire Signal Sciences for approximately $775 million in cash and stock.  The acquisition will expand Fastly’s security portfolio through developer-first web applications and API protection solutions, according to the company.  “Fastly was founded to meet developers’ need for greater visibility and control. Now, as the digital transformation movement … continue reading

Developers buying in to security tasks

Security has become enough of a drumbeat issue that its importance has trickled down from the CISOs through the security organization to software developers. And slowly but surely, developers are beginning to take ownership of security as a part of the development life cycle. But this heightened awareness of security hasn’t necessarily led to better … continue reading

Source{d} enables oversight over the entire SDLC

Lack of visibility into the entire SDLC is a problem, causing about 70 percent of large IT transformation projects to fail, according to source{d}. To aid enterprises through their digital transformation, source{d} launched source{d} Enterprise Edition (EE), which gives IT executives visibility into codebases, IT teams and processes, and offers the ability to add multiple … continue reading

Testing strives to keep pace with development

With the emphasis on ever-faster software release cycles, organizations are turning to automated testing to ensure they can keep up with that speed while simultaneously ensuring they are releasing quality products. Though people have been talking about automated testing for a while now, many testing efforts are still manual, said Jeff Scheaffer, general manager of … continue reading

Fewer bugs, faster releases: How APM improves the SDLC

Breaking down a series of interdependent movements into discrete actions is often the first step to improving the performance of everything from professional orchestras to sports teams. And so it is with software. The Software Development Life Cycle (SDLC) evolved out of an effort in the late 1960s to put formal quality processes in place … continue reading

Electric Cloud releases ElectricFlow 8.0 with new DevOps Insight Analytics

In order to automate data collection from the entire DevOps toolchain, Electric Cloud introduced ElectricFlow 8.0 with new DevOps Insight Analytics. This new solution provides teams with automated data collection and reporting to connect DevOps toolchain metrics and performance. It also provides visibility back into the business value and health or status of software releases. According … continue reading

Security Playbook 2017: How to improve practices this year

From LinkedIn to Yahoo, companies fell into the hands of hackers and identity thieves in 2016. Each year, companies seem to make the same security resolutions, only to face roadblocks like skill shortages, time constraints and budget issues, which prevent them from implementing good security practices. Experts recommended companies consider the following trends and predictions … continue reading

Report: Organizations embracing DevSecOps automation

The DevOps community is struggling with bringing security into the organization and across the software development life cycle (SDLC). However, new research from Sonatype reveals that while companies continue to face breaches, mature development organizations finally realize how critical it is to weave automated security early in the SDLC. Sonatype, a software automation and security … continue reading
