Enterprises have struggled to strike a balance between speed and security and stability, said Sean D. Mack, author, speaker and former CIO and CISO at Wiley. DevSecOps is the superpower that resolves this long-standing conflict and allows organizations to deliver software faster and more securely.
In the latest weekly update, the former federal CISO, Grant Schneider, joins three editors at ISMG to discuss important cybersecurity issues, including advice for the next White House cyber director and liability concerns facing CISOs following SolarWinds and its CISO being accused of fraud.
How can generative artificial intelligence be adapted to automatically find and fix software vulnerabilities in critical code? Finding answers to that question is one of the "exciting prospects" tied to the AI Cyber Challenge recently announced by the White House, said NCC Group's Chris Anley.
From securing modular Kubernetes® components like Helm and Kustomize to automating security guardrails across the development lifecycle, DevSecOps for Kubernetes requires an integrated and modern approach. As the de facto container orchestrator, Kubernetes has undeniable benefits when it comes to building performant...
DevSecOps is all about maintaining security without sacrificing productivity or speed – especially for teams that are leveraging modern, cloud-native technologies such as infrastructure as code (IaC).
IaC has become a popular way to predictably and consistently provision infrastructure. It also gives teams the...
It’s simple: software composition analysis (SCA) helps teams prevent open source security and compliance risks.
But the choices have gotten complicated. While this automated application security process has been around for decades, the rise of agile, cloud-native development and the increase of open source...
A software supply chain security startup led by a longtime Google Cloud engineer closed a Series B round to help protect more open-source software. Seattle-area Chainguard said it can secure approximately 80% of the open-source software existing customers run in their enterprise today.
A Georgia-based firm that provides administrative services for health plans is among the latest firms reporting a major health data hack involving their use of Progress Software's MOVEit file transfer software. NASCO joined a growing list of health sector vendors hit by MOVEit hacks.
Snyk purchased a Portuguese startup founded by SonarSource and European Parliament veterans to help developers contribute to code bases more quickly. The Boston-based developer security vendor said its buy of Porto-based Reviewpad will help developers secure pull requests.
In the latest "Proof of Concept," DXC Technology IT CISO and CyberEdBoard member Mike Baker and Chris Hughes, co-founder and CISO of Aquia, join ISMG editors to discuss benefits, challenges and misconceptions of adopting open-source software in modern code bases - plus best practices for securing them.
In recent years, the adoption of public cloud infrastructures has surged, providing organizations with unparalleled flexibility and scalability. But this shift has also introduced a new set of challenges when it comes to protecting web applications and APIs that are hosted on these platforms.
Threat actors are exploiting another zero-day flaw in Cisco's IOS XE software to implant a malicious backdoor. The IOS XE operating system runs on a wide range of Cisco networking devices, including routers, switches, wireless controllers, access points and more.
Today, web apps and APIs are the most common medium for sharing and modifying data. As Web apps and APIs evolve, so does the attack surface. Application Security, Development, and Cloud Architects require a comprehensive solution to protect their Web Apps and APIs across any infrastructure.
Download this eBook, where...
Cisco has released urgent fixes to a critical vulnerability affecting an emergency communication system used to track callers' location in real time. A developer inadvertently hard-coded credentials in Cisco Emergency Responder software, opening a permanent backdoor for unauthenticated attackers.
Veracode, Synopsys and Checkmarx remain atop Forrester's static application security testing list, while Micro Focus fell from the leaderboard after the OpenText buy. Firms have gone beyond evaluating the security of code itself and now assess the safety of the infrastructure the code is running on.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.co.uk, you agree to our use of cookies.
