Researchers at Cider Security have uncovered a security loophole in GitHub Actions that allows adversaries to bypass the required reviews mechanism and push unreviewed code to a protected branch, allowing it into the pipeline to production.
As enterprises adopt DevOps practices and leverage CI/CD pipelines to increase their pace of innovation and accelerate their digital transformation, security becomes increasingly essential. Security teams work to avoid disjointed security systems and practices which delay putting applications into production, and...
Whenever your organization creates and delivers mobile applications to either employees or end-customers, they are essentially also delivering a blue-print to bad actors on how to access your organization’s sensitive data.
As a security professional, you are already aware that “In-App” protection complements...
It is more important than ever to make applications robust and secure, but traditional application security has not kept pace with the demands of development and deployment. More needs to be done and as early in the software development lifecycle as possible.
The Checkmarx portfolio of products includes SAST, SCA,...
Travis CI, a Berlin-based continuous integration testing vendor, has patched a serious flaw that exposed signing keys, API keys and access credentials, potentially putting thousands of organizations at risk. Those using Travis CI should change their secrets immediately.
To make the transformation to a DevSecOps approach, enterprises must slowly change the corporate culture by finding early adopters and starting small, says Sean D. Mack, CIO and CISO at Wiley, an education and research company.
This edition of the ISMG Security Report features an analysis initiatives unveiled by the Biden administration to enhance supply chain and critical infrastructure security and address the cybersecurity skills gap. Also featured: LockBit 2.0 ransomware rep 'tells all'; misconfigured Microsoft Power Apps.
The Biden administration unveiled a package of supply chain and critical infrastructure security initiatives following a meeting at the White House with tech executives and others. Companies such as Google and Microsoft also promised billions in spending on cybersecurity over the next several years.
The global ‘State of Security 2021’ report recently published by Splunk and ESG Research presents insights and best practices from interviews with some of today’s most successful security leaders. This panel of experts will take a look at key report findings, and discuss the theory and practicality of best...
The global ‘State of Observability 2021’ report recently published by Splunk and ESG Research reveals IT leaders’ early investments in observability improve performance, customer experiences — and the bottom line.
Observability is obviously a good thing - there’s a lot that can go wrong with increasingly...
DevOps-driven adoption of new
technologies and processes
may mean security is an afterthought
and can expose new
gaps in security coverage and
Download this whitepaper which provides an overview of what DevSecOps is and how organizations can adopt its
practices in conjunction with technologies...
Kubernetes-native security is based on a single principle: security is implemented most effectively
when it is aligned with the system that is responsible for managing all of an organization’s containerized
Download this whitepaper which explores the six characteristics a security platform must...
The rapid adoption of open source projects can introduce vulnerabilities in standard
Kubernetes environments. OpenShift Container Platform supports these projects, allowing users to
gain open source advantages with a managed product’s stability and security. Red Hat OpenShift
offerings include five managed and...
Gartner predicts that more than 75% of global organizations will be running containerized applications in production, and it’s no wonder, because containers revolutionize app development, from speed of delivery to scalability.
Learn how containers help organizations save resources and quickly get software to...
The latest edition of the ISMG Security Report features an analysis of ransomware gang REvil’s threat to release stolen Apple device blueprints unless it receives a massive payoff. Also featured: discussions of the importance of a “shift left” strategy and efforts to secure cryptocurrencies.