The Problem of Permissions and Non-Human Identities – Why Remediating Credentials Takes Longer Than You Think

November 18, 2024 at 12:57PM A recent GitGuardian and CyberArk report reveals that 79% of IT leaders faced secrets leaks, with over 12.7 million hardcoded credentials exposed on GitHub. Despite developer and security teams' efforts, confusion over who owns a leaked credential and what it is permitted to do hampers remediation, which averages 27 days. Implementing a shared responsibility model is essential to address these risks effectively. …

The Problem of Permissions and Non-Human Identities – Why Remediating Credentials Takes Longer Than You Think

November 18, 2024 at 09:00AM Research by GitGuardian and CyberArk reveals a rise in secrets leaks reported by IT decision-makers, with over 12.7 million hardcoded credentials exposed on GitHub. Organizations face lengthy remediation times and unclear ownership of security responsibilities. A shared responsibility model between developers and security teams could improve credential management and reduce risk. …

How Developers Drive Security Professionals Crazy

November 8, 2024 at 10:35AM DevSecOps aims to balance development speed with security, addressing challenges such as security training, complex tooling, and alert management. Successful implementation involves understanding the organization's risk portfolio, automating security testing, monitoring continuously, and simplifying the developer experience, ultimately fostering collaboration for efficient, secure software delivery. …

‘Shift Left’ Gets Pushback, Triggers Security Soul Searching

October 25, 2024 at 07:17AM The Cybersecurity and Infrastructure Security Agency (CISA) questions the claim that fixing a software vulnerability in production is 100 times more expensive than fixing it during design. Agile development may lessen this cost, suggesting that shifting security responsibilities to developers, while important, needs a balanced approach. The emphasis should be on integrating security throughout the development …

Vulnerabilities, AI Compete for Software Developers’ Attention

October 18, 2024 at 12:38PM In less than two years, AI assistants have significantly improved coding efficiency among developers, driving growth in software downloads and new projects. However, security has lagged, with vulnerability remediation times rising sharply. Concerns are growing over the quality and security of AI-generated code, particularly from inexperienced developers, with potential consequences for future talent development. …

DefectDojo Raises $7 Million for Application Security Platform

September 25, 2024 at 10:42AM DefectDojo, an application security firm based in Austin, Texas, raised $7 million in Series A funding. The company’s open source platform automates security workflows, aggregates data from various tools, and offers vulnerability management capabilities. The funds will support innovation, product development, and market expansion while maintaining a commitment to its …

Urgent: GitLab Patches Critical Flaw Allowing Unauthorized Pipeline Job Execution

September 12, 2024 at 01:12PM GitLab released security updates addressing 17 vulnerabilities, including a critical flaw (CVE-2024-6678) that enables an attacker to trigger pipeline jobs as an arbitrary user. This is the fourth such pipeline flaw GitLab has patched in the past year. Users are urged to apply the patches immediately. There is no evidence of active exploitation, but caution …
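A practitioner reading this advisory wants one thing first: is my instance still on an affected version? The check below is an added example, not GitLab's code or part of the original post. It classifies a GitLab version string against the fixed versions shipped in the 11 September 2024 patch release (17.3.2, 17.2.5 and 17.1.7, with all versions from 8.14 onward affected before those); those version numbers are taken from GitLab's advisory and should be re-verified against it before you rely on the script. The JSON bodies are constructed samples shaped like the response of GitLab's `GET /api/v4/version` endpoint, so the script runs offline; point it at a real response once you have one.

```python
"""Classify a GitLab version against the CVE-2024-6678 fix (added example)."""
import json
import re
from typing import Dict, Tuple

Version = Tuple[int, int, int]

# Assumption: fixed versions per GitLab's September 2024 patch release.
# Branch -> first patch release in that branch that contains the fix.
FIXED_IN_BRANCH: Dict[Tuple[int, int], Version] = {
    (17, 3): (17, 3, 2),
    (17, 2): (17, 2, 5),
    (17, 1): (17, 1, 7),
}
# Advisory scope: every release starting from 8.14 is affected unless fixed.
EARLIEST_AFFECTED: Version = (8, 14, 0)
OLDEST_FIXED_BRANCH = (17, 1)
NEWEST_FIXED_BRANCH = (17, 3)


def parse_version(text: str) -> Version:
    """Extract MAJOR.MINOR.PATCH from strings such as '17.3.1-ee' or '17.3.1'."""
    match = re.match(r"^(\d+)\.(\d+)\.(\d+)", text.strip())
    if not match:
        raise ValueError(f"unrecognised GitLab version string: {text!r}")
    major, minor, patch = (int(part) for part in match.groups())
    return (major, minor, patch)


def is_vulnerable(text: str) -> bool:
    """True when the version predates the CVE-2024-6678 fix for its branch."""
    version = parse_version(text)
    if version < EARLIEST_AFFECTED:
        return False                      # older than the affected range
    branch = (version[0], version[1])
    if branch in FIXED_IN_BRANCH:
        return version < FIXED_IN_BRANCH[branch]
    if branch < OLDEST_FIXED_BRANCH:
        return True                       # 8.14 .. 17.0.x never received a backport
    # Branches newer than 17.3 were released after the fix landed.
    return branch < NEWEST_FIXED_BRANCH


def check_version_response(body: str) -> Dict[str, object]:
    """Parse a GET /api/v4/version JSON body and report its patch status."""
    data = json.loads(body)
    version = data["version"]
    return {"version": version, "vulnerable": is_vulnerable(version)}


if __name__ == "__main__":
    # Constructed sample responses; a real one comes from
    # curl -H "PRIVATE-TOKEN: ..." https://gitlab.example.com/api/v4/version
    samples = [
        '{"version": "17.3.1-ee", "revision": "0000000"}',
        '{"version": "17.2.5-ee", "revision": "0000000"}',
        '{"version": "16.11.10", "revision": "0000000"}',
        '{"version": "17.4.0-pre", "revision": "0000000"}',
    ]
    for body in samples:
        result = check_version_response(body)
        status = "PATCH NOW" if result["vulnerable"] else "ok"
        print(f"{result['version']:<14} {status}")
```

Note the branch logic: a 16.x or 17.0.x instance is reported as vulnerable even though no 16.x or 17.0 patch exists, because the only remediation is upgrading to a fixed 17.1+ release. The script deliberately ignores the `-ee`/`-ce` suffix, since the advisory covers both editions.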

Wiz Launches Wiz Code Application Security Tool

September 11, 2024 at 12:04AM Wiz launched Wiz Code, a cloud application security product that identifies and resolves cloud risks in code before they become critical issues. It integrates with developer environments, highlighting security issues and providing fix suggestions. Wiz Code aims to enhance collaboration between security and development teams by aligning issues with their …

Darkhive Raises $21 Million for Drones, Secure Code Delivery System

September 10, 2024 at 08:15AM San Antonio-based Darkhive, a drone maker, secures $21 million in Series A funding led by Ten Eleven Ventures. It also offers a DevSecOps platform called FleetForge for secure code delivery to uncrewed aircraft systems, supported by US Defense Dept. accreditation. With additional support from other venture capital firms, Darkhive aims …

Improved Software Supply Chain Resilience Equals Increased Security

September 3, 2024 at 10:07AM Software supply chain attacks pose significant challenges to the DevSecOps community, emphasizing the need for improved resilience. Key components include visibility, governance, and continuous deployment. Organizations should focus on understanding their environments in real time, implementing sound governance, and continuously testing and monitoring for vulnerabilities to strengthen their security posture. …