For a long time, security teams have been able to mostly rely on the safety of a security perimeter, but with things like IoT, embedded development, and now remote and hybrid work, this notion of a defensible perimeter is totally gone. Having all of these connected devices that don’t live under one network expands the …
OpenSSF announced the Alpha-Omega Project to improve the security posture of open-source software by working together with software security experts. Microsoft and Google are supporting the project, which aims to improve global OSS supply chain security by working with project maintainers to systematically look for new, as-yet-undiscovered vulnerabilities in open source code with a $5 …
Codefresh launched the Codefresh Software Delivery Platform (CSDP), which brings the Argo toolset, including Workflows, Events, CD, and Rollouts, into a single platform. Argo is an open-source project that Codefresh maintains that offers tools for running workflows and managing clusters in Kubernetes. “Enterprise-class tooling for Argo – built on GitOps best practices – enables faster …
Security company ShiftLeft today announced the new release of its ShiftLeft CORE platform with the Velocity Update that has new features for identifying and addressing potential vulnerabilities earlier in the software development life cycle. New features and capabilities include the ability to perform code analysis for Kotlin apps for mobile development, which is an early-stage …
Weaveworks acquired the policy-as-code startup Magalix to secure Kubernetes applications by integrating the solution into Weave GitOps. “Enterprise customers have made it clear that trusted application delivery is critical to the success of their increasingly complex cloud native platforms,” said Alexis Richardson, the CEO of Weaveworks. “With the acquisition of Magalix, Weaveworks introduces customizable policies, …
Organizations such as the Linux Foundation, OpenSSF, Google, Akamai, and Red Hat attended a White House Summit meant to address supply chain security challenges following the recent log4j crisis. “The open-source ecosystem will need to work together to further cybersecurity research, training, analysis, and remediation of defects found in critical open-source software projects. These plans …
The DevOps Institute announced its lineup for 2022 events and webinars and plans for two new DevOps certifications. The new certifications include DevOps Practitioner and DevOps Engineering Foundation. Also, SKILup Days, SKILup Hours, and SKILup Festival 2022: A Live DevOps Educational Experience will provide insights and education needed by DevOps professionals in a wide variety …
This year, Microsoft went all in on open-source and security and launched a plethora of new solutions aimed at bettering the lives of developers working remotely and on-premises. Microsoft launched its flagship Visual Studio 2022 and .NET 6 in November. .NET 6 is a follow-up to the notable .NET 5, which merged .NET Framework and …
2021 was a tumultuous time for security, marking both massive breaches — a trend that sped up during the pandemic — and widespread action for trying to fix the problem. On May 7, 2021, the Colonial Pipeline, an American oil pipeline system, suffered a ransomware cyberattack that impacted computerized equipment managing the pipeline. In response, …
Amidst the “Shift Left and Extend Right” security trend, developers find themselves needing to implement more robust security practices into their processes. Idan Plotnik, co-founder and CEO of Apiiro, provider of an application risk management platform, discussed the ways in which developers can mitigate critical security risks in order to better protect themselves and their …
Checkmarx’s open-source KICS (Keeping Infrastructure as Code Secure) solution has been integrated into version 14.5 of the GitLab DevOps Platform as an infrastructure-as-code scanning tool. KICS automatically parses infrastructure-as-code files of any type to detect insecure configurations that could expose applications, data and services to attack. Users of Ansible, AWS CloudFormation, K8S or Terraform can …
Veracode launched an advanced scanning tool that enables organizations to find and fix vulnerabilities in APIs. The new capability leverages Veracode’s Dynamic Analysis (DAST) scanning engine to provide comprehensive security insights and remediation guidance for APIs. “The explosion of APIs means that application development is becoming more fragmented and decentralized in nature, so the attack …