Developers get more confident in security but are still spending too much time on it


New research shows increasing confidence among developers at large organizations with regard to knowledge gained from security training, but they are still spending a considerable amount of time on security-related tasks.
The study from Checkmarx looks at the current practices of development teams in large enterprises as they work toward more mature states of development, security and operations (DevSecOps).
New LLM-powered engine helps secure complex cloud environments


While moving systems to the cloud delivers many benefits, it also leads to complex dynamic environments that can be a real challenge when it comes to keeping them secure.
With the launch of a new Large Language Model (LLM)-powered cloud detection engine, Sweet Security aims to cut through the noise and allow security teams to tackle these environments with greater precision and confidence.
70 percent of DevSecOps professionals can't identify AI source code origins


Almost 70 percent of DevSecOps professionals can't detect AI source code origins, creating massive security risks, according to a new report.
The study from JFrog finds the majority of software developers and cybersecurity teams are lacking well-defined AI and Machine Learning (ML) source code usage visibility, provenance, and governance, leaving many organizations at risk.
Measuring AI effectiveness beyond productivity metrics


Last year was an AI milestone marked by enthusiasm, optimism, and caution. AI-powered productivity tools promise to boost productivity by automating repetitive coding and tedious tasks and generating code. A year later, organizations are struggling to quantify the impact of their AI initiatives and are reevaluating metrics to ensure they reflect the desired business outcomes.
Measuring developer productivity has historically been a challenge, with or without the introduction of AI-powered developer tools. Last year, McKinsey & Company described developer productivity measurement as a “black box,” noting that in software development, “the link between inputs and outputs is considerably less clear” than other functions.
Unlocking cybersecurity success: The need for board and CISO alignment


The C-Suite’s perception of cybersecurity has evolved dramatically over the past decade. It’s gone from being an afterthought for technology departments to worry about, to a cornerstone for business survival and operational strategy. The heightened awareness of cybersecurity stems from a deeper grasp of the legal, reputational and financial implications of data breaches. This, combined with regulatory pressures such as the original NIS directive, has forced leaders to enhance their organizations’ cybersecurity measures.
The result is that 75 percent of organizations now report that cybersecurity is a high priority for their senior management team. While on the surface this should be celebrated, when digging deeper, conversations between CISOs and the wider C-Suite often just revolve around high-profile or user-centric security risks. More technical and advanced threats such as those related to application security are overlooked. The race to embrace AI and increasingly complicated cloud infrastructures have also made communicating cybersecurity priorities even more difficult for CISOs.
Get 'The DevSecOps Playbook: Deliver Continuous Security at Speed' (worth $19) for FREE


In The DevSecOps Playbook: Deliver Continuous Security at Speed, Wiley CISO and CIO Sean D. Mack delivers an expert analysis of how to keep your business secure, relying on the classic triad of people, process, and technology to examine -- in depth -- every component of DevSecOps.
In the book, you'll learn why DevSecOps is as much about people and collaboration as it is about technology and how it impacts every part of our cybersecurity systems.
Internal communication gaps leave enterprises vulnerable to attack


A new report shows that CISOs find it difficult to communicate threats to the C-suite, which is leaving gaps in the organization’s understanding of cyberrisk.
The study from Dynatrace reveals that 87 percent of CISOs say application security is a blind spot at the CEO and board level.
Are we being failed by DevSecOps? [Q&A]


Over the years, security vendors have pushed companies to integrate their tools into the DevOps pipeline with the promise of being able to move faster and be more secure.
However, the more businesses have matured their DevSecOps practices, the more they have been hit by mountains of reported vulnerabilities and problems that have slowed them down. So, has DevSecOps failed in its promise? We talked to Eitan Worcel, CEO at Mobb, to find out.
How DevSecOps can mitigate the cyber risks of emerging technologies [Q&A]


The technology world never stands still for very long and as new technologies emerge so too do new threats. With things like quantum computing on the verge of becoming mainstream it's important to understand their security implications.
We spoke to Archie Agarwal, founder and CEO of ThreatModeler, to discuss how DevSecOps can help to identify and mitigate these new threats to cloud services.
Vulnerability management made harder by complex supply chains


New research reveals that CISOs are finding it increasingly difficult to keep their software secure as hybrid and multicloud environments become more complex, and teams continue to rely on manual processes that make it easier for vulnerabilities to slip into production.
The study from Dynatrace shows 68 percent of CISOs say vulnerability management is more difficult because the complexity of their software supply chain and cloud ecosystem has increased.
Get 'Cloud Native Security' (worth $24) for FREE


Cloud Native Security delivers a detailed study into minimizing the attack surfaces found on today's Cloud Native infrastructure.
Throughout the work, hands-on examples walk through mitigating threats and the areas of concern that need to be addressed. The book contains the information that professionals need in order to build a diverse mix of the niche knowledge required to harden Cloud Native estates.
Culture is the biggest barrier to DevOps and DevSecOps success


New research from Progress reveals that 73 percent of IT decision makers admit more could be done to improve their DevSecOps practices, with many organizations behind in their goals.
It's culture that is the biggest impediment to success, with 71 percent of respondents agreeing that culture is the biggest barrier to their DevSecOps progress, yet only 16 percent are prioritizing culture as an area to optimize in the next 12-18 months.
Vulnerability backlogs are too time-consuming to address


Organizations are losing thousands of hours in time and productivity dealing with a massive backlog of vulnerabilities that they have neither the time nor the resources to tackle effectively, according to a new report.
The State of Vulnerability Management in DevSecOps report from vulnerability management platform Rezilion and the Ponemon Institute shows 47 percent of security leaders report that they have a backlog of applications that have been identified as vulnerable.
Agile Pentesting offers developers more control and flexibility


Pentest as a Service (PtaaS) company Cobalt is today launching Agile Pentesting, a new offering that provides more control and flexibility to better meet the needs of businesses through versatile, ad hoc testing.
Agile Pentesting allows organizations to identify and address vulnerabilities at a faster, more frequent rate to minimize risk. This contrasts with what Cobalt calls 'comprehensive pentesting', which is often done in support of business drivers like compliance or M&A activity. The new offering helps accelerate customers' DevOps journeys while aligning with their CI/CD pipelines.
DevSecOps delivers significant results but take-up remains low


Only 22 percent of organizations have developed a formal DevSecOps strategy integrating security into software development lifecycle processes, according to a new report.
But the study from Mezmo shows an overwhelming percentage of those that do have a strategy report a positive impact on accelerating incident detection (95 percent) and response (96 percent) efforts.
BetaNews, your source for breaking tech news, reviews, and in-depth reporting since 1998.