The National Institute of Standards and Technology (NIST) published a new draft document that outlines strategies for integrating software supply chain security measures into CI/CD pipelines. Cloud-native applications typically use a microservices architecture with a centralized infrastructure like a service mesh. These applications are often developed using DevSecOps, which uses CI/CD pipelines to guide software … continue reading
Recent large-scale attacks on enterprise and infrastructure security have led the federal government and private businesses to rethink the way they manage security. Last month’s ransomware attack on the Colonial Pipeline shut down the main part of its network for five days, affecting fuel supplies across the United States. Additionally, an attack on SolarWinds infrastructure … continue reading
As organizations look towards DevSecOps as a way to infuse security throughout the software development life cycle while at the same time accelerating releases, more sides of the business have their hands on deck regarding security. However, it’s still the security side that’s on the hook when a major breach happens. “People like to say … continue reading
AWS is enabling teams to address application weaknesses with the introduction of the AWS Fault Injection Simulator at its virtual AWS re:Invent 2020 conference this week. The simulator is a chaos engineering tool expected to be generally available in 2021. According to the company, the new offering will come packed with pre-built templates for creating … continue reading
Fastly entered into a definitive agreement to acquire Signal Sciences for approximately $775 million in cash and stock. The acquisition will expand Fastly’s security portfolio through developer-first web applications and API protection solutions, according to the company. “Fastly was founded to meet developers’ need for greater visibility and control. Now, as the digital transformation movement … continue reading
Security has become enough of a drumbeat issue that its importance has trickled down from the CISOs through the security organization to software developers. And slowly but surely, developers are beginning to take ownership of security as a part of the development life cycle. But this heightened awareness of security hasn’t necessarily led to better … continue reading
Lack of visibility into the entire SDLC is a problem, causing about 70 percent of large IT transformation projects to fail, according to source{d}. To aid enterprises through their digital transformation, source{d} launched source{d} Enterprise Edition (EE), which gives IT executives visibility into codebases, IT teams and processes, and offers the ability to add multiple … continue reading
With the emphasis on ever-faster software release cycles, organizations are turning to automated testing to ensure they can keep up with that speed while simultaneously ensuring they are releasing quality products. Though people have been talking about automated testing for a while now, many testing efforts are still manual, said Jeff Scheaffer, general manager of … continue reading
Breaking down a series of interdependent movements into discrete actions is often the first step to improving the performance of everything from professional orchestras to sports teams. And so it is with software. The Software Development Life Cycle (SDLC) evolved out of an effort in the late 1960s to put formal quality processes in place … continue reading
In order to automate data collection from the entire DevOps toolchain, Electric Cloud introduced ElectricFlow 8.0 with new DevOps Insight Analytics. This new solution provides teams with automated data collection and reporting to connect DevOps toolchain metrics and performance. It also provides visibility back into the business value and health or status of software releases. According … continue reading
From LinkedIn to Yahoo, companies fell into the hands of hackers and identity thieves in 2016. Each year, companies seem to make the same security resolutions, only to face roadblocks like skill shortages, time constraints and budget issues, which prevent them from implementing good security practices. Experts recommended companies consider the following trends and predictions … continue reading
The DevOps community is struggling with bringing security into the organization and across the software development life cycle (SDLC). However, new research from Sonatype reveals that while companies continue to face breaches, mature development organizations finally realize how critical it is to weave automated security early in the SDLC. Sonatype, a software automation and security … continue reading