Articles about DevSecOps

New research shows increasing confidence among developers at large organizations with regards to knowledge gained from security training, but they are still spending a considerable amount of time on security-related tasks.

The study from Checkmarx looks at the current practices of development teams in large enterprises as they work toward more mature states of development, security and operations (DevSecOps).

Continue reading →

While moving systems to the cloud delivers many benefits, it also leads to complex dynamic environments that can be a real challenge when it comes to keeping them secure.

With the launch of a new Large Language Model (LLM)-powered cloud detection engine, Sweet Security aims to cut through the noise and allow security teams to tackle these environments with greater precision and confidence.

Continue reading →

Almost 70 percent of DevSecOps professionals can't detect AI source code origins, creating massive security risks, according to a new report.

The study from JFrog finds the majority of software developers and cybersecurity teams are lacking well-defined AI and Machine Learning (ML) source code usage visibility, provenance, and governance, leaving many organizations at risk.

Continue reading →

Last year was an AI milestone marked by enthusiasm, optimism, and caution. AI-powered productivity tools promise to boost productivity by automating repetitive coding and tedious tasks and generating code.  A year later, organizations are struggling to quantify the impact of their AI initiatives and are reevaluating metrics to ensure they reflect the desired business outcomes.

Measuring developer productivity has historically been a challenge, with or without the introduction of AI-powered developer tools. Last year, McKinsey & Company described developer productivity measurement as a “black box,” noting that in software development, “the link between inputs and outputs is considerably less clear” than other functions.

Continue reading →

The C-Suite’s perception of cybersecurity has evolved dramatically over the past decade. It’s gone from being an afterthought for technology departments to worry about, to a cornerstone for business survival and operational strategy. The heightened awareness of cybersecurity stems from a deeper grasp of the legal, reputational and financial implications of data breaches. This, combined with regulatory pressures such as the original NIS directive, has forced leaders to enhance their organizations’ cybersecurity measures.

The result is that 75 percent of organizations now report that cybersecurity is a high priority for their senior management team. While on the surface this should be celebrated, when digging deeper, conversations between CISOs and the wider C-Suite often just revolve around high-profile or user-centric security risks. More technical and advanced threats such as those related to application security are overlooked. The race to embrace AI and increasingly complicated cloud infrastructures have also made communicating cybersecurity priorities even more difficult for CISOs.

Continue reading →

In The DevSecOps Playbook: Deliver Continuous Security at Speed, Wiley CISO and CIO Sean D. Mack delivers an expert analysis of how to keep your business secure, relying on the classic triad of people, process, and technology to examine -- in depth -- every component of DevSecOps.

In the book, you'll learn why DevSecOps is as much about people and collaboration as it is about technology and how it impacts every part of our cybersecurity systems.

Continue reading →

A new report shows that CISOs find it difficult to communicate threats to the C-suite, which is leaving gaps in the organization’s understanding of cyberrisk.

The study from Dynatrace reveals that 87 percent of CISOs say application security is a blind spot at the CEO and board level.

Continue reading →

Over the years, security vendors have pushed companies to integrate their tools into the DevOps pipeline with the promise of being able to move faster and be more secure.

However, as businesses have matured their DevSecOps practices the more they have been hit by mountains of reported vulnerabilities and problems that have slowed them down. So, has DevSecOps failed in its promise? We talked to Eitan Worcel, CEO at Mobb, to find out.

Continue reading →

The technology world never stands still for very long and as new technologies emerge so too do new threats. With things like quantum computing on the verge of becoming mainstream it's important to understand their security implications.

We spoke to Archie Agarwal, founder and CEO of ThreatModeler to discuss how DevSecOps can help to identify and mitigate these new threats to cloud services.

Continue reading →

New research reveals that CISOs are finding it increasingly difficult to keep their software secure as hybrid and multicloud environments become more complex, and teams continue to rely on manual processes that make it easier for vulnerabilities to slip into production.

The study from Dynatrace shows 68 percent of CISOs say vulnerability management is more difficult because the complexity of their software supply chain and cloud ecosystem has increased.

Continue reading →

Cloud Native Security delivers a detailed study into minimizing the attack surfaces found on today's Cloud Native infrastructure.

Throughout the work, hands-on examples walk through mitigating threats and the areas of concern that need to be addressed. The book contains the information that professionals need in order to build a diverse mix of the niche knowledge required to harden Cloud Native estates.

Continue reading →

New research from Progress reveals that 73 percent of IT decision makers admit more could be done to improve their DevSecOps practices, with many organizations behind in their goals.

It's culture that is the biggest impediment to success, with 71 percent of respondents agreeing that culture is the biggest barrier to their DevSecOps progress, yet only 16 percent are prioritizing culture as an area to optimize in the next 12-18 months.

Continue reading →

Organizations are losing thousands of hours in time and productivity dealing with a massive backlog of vulnerabilities that they have neither the time or resources to tackle effectively, according to a new report.

The State of Vulnerability Management in DevSecOps report from vulnerability management platform Rezilion and the Ponemon Institute, shows 47 percent of security leaders report that they have a backlog of applications that have been identified as vulnerable.

Continue reading →

Pentest as a Service (PtaaS) company Cobalt is today launching Agile Pentesting, a new offering that provides more control and flexibility to better meet the needs of businesses through versatile, ad hoc testing.

Agile Pentesting allows organizations to identify and address vulnerabilities at a faster, more frequent rate to minimize risk. This contrasts with what Cobalt calls 'comprehensive pentesting', which is often done in support of business drivers like compliance or M&A activity, the new offering helps accelerate customers' DevOps journeys while aligning with their CI/CD pipelines.

Continue reading →

Only 22 percent of organizations have developed a formal DevSecOps strategy integrating security into software development lifecycle processes, according to a new report.

But the study from Mezmo shows an overwhelming percentage of those that do have a strategy report a positive impact on accelerating incident detection (95 percent) and response (96 percent) efforts.

Continue reading →