Large or small, enterprises from all sectors are dealing with the same vulnerabilities in open source code. The difference: the scale of the problem. DJ Schleen of Sonatype discusses insights from the latest ISMG roundtable dinner.
As part of a multi-city tour, ISMG and Sonatype visited Atlanta recently for an engaging discussion on how to mitigate risks introduced by open source code. Here's a conversation with DevOps advocate Derek Weeks.
How can organizations overcome resistance to implementing DevSecOps? Johnathan Nicholson, former CISO at Interac, the Canadian interbank network, provides insights.
Code reuse kills - software quality, that is, according to a new study of C++ code snippets shared on Stack Overflow that were reused in more than 2,800 GitHub projects. But there's help for organizations that want to support their developers' urge to cut and paste prewritten code snippets.
Moving your network to the cloud offers many security benefits, cost savings and business agility. However, understanding risks within cloud networks can be a major challenge for security teams too often on the sidelines of cloud deployments and devops processes.
In this webinar, Skybox® Security Threat...
Moving your network to the cloud offers many security benefits, cost savings and business agility. However, understanding risks within cloud networks can be a major challenge for security teams too often on the sidelines of cloud deployments and devops processes.
In this webinar, Skybox® Security Threat...
DevOps is a cultural movement that was started in order to remove silos and enhance how teams collaborate and the role people, process and tech plays in this space. But now we are in the era of DevSecOps, which inserts cybersecurity smack in the middle of this culture - and natural tensions emerge. In this exclusive...
Some security experts have prophesied the demise of traditional Intrusion Detection and Prevention Systems (IDPS) for almost 20 years, but this cornerstone of network security continues to soldier on. While next-generation firewalls have added IDPS functionality, they are driven more by policies than true threat...
Since at least 2016, hacked websites have targeted zero-day flaws in current versions of Apple iOS to surreptitiously implant data-stealing and location-tracking malware, says Google's Project Zero team. Apple patched the latest vulnerabilities in February.
Security operations (SecOps) and network teams (NetOps) have traditionally acted separately, but increasing IT complexity and scale means that aligning these two groups is a critical step towards delivering a fast and secure user experience.
A recent global SANS Institute survey found that only 30 percent of SecOps...
Incidents involving supply chain vendors pose increasingly significant risks to health data, says Rick McElroy of Carbon Black, who addresses "island hopping" and other emerging threats.
With attackers continuing to hammer weaknesses in software, organizations must prioritize application security more than ever, says Ian Ashworth of Synopsys. Thankfully, developers and middle management - bolstered by agile methodologies and DevOps - are increasingly leading the charge.
In today's modern DevOps organizations, demonstrating security and compliance is still essential whether you are building in the cloud or on prem. As cloud infrastructure continues to evolve through the adoption of microservices and containers - demonstrating compliance becomes even more challenging.
In this...
Since Sentara Healthcare adopted a DevSecOps approach, CISO Daniel Bowden says, his security team has gained improved visibility into the entire application development process.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.com, you agree to our use of cookies.
