Articles about DevSecOps

In the past security has been something that was added only at the end of the development process. But as release cycles have accelerated this is no longer a viable approach.

DevSecOps (development, security and operations) is all about automating the integration of security at every phase of the software development lifecycle.

Continue reading →

As the number of breaches shows no sign of reducing, cybersecurity and development professionals are feeling the pressure to maintain their organizations’ security postures.

New research from Invicti Security finds DevSecOps professionals spend more than four hours each workday addressing security issues that never should have happened in the first place.

Continue reading →

Only 45 percent of respondents to a recent survey believe it is currently possible to prevent all malware threats from infiltrating their organization's network.

The survey from Deep Instinct does show some longer term optimism though. 66 percent of respondents believe it may be possible to prevent all malware threats from infiltrating their organization's network in the next two to five years.

Continue reading →

A new study shows that 70 percent of respondents 'frequently' or 'always' complete projects without carrying out all security steps, due to tight timelines and pressure to innovate.

The report from Invicti Security also shows that 78 percent of development and security respondents have suffered increased stress levels this year and 73 percent have actually considered quitting their job because of it.

Continue reading →

Containers have provided greater flexibility and enabled developers to think less about their infrastructure. However, securing them presents a challenge.

Traditional workload protection technologies designed for static workloads don't work well on minimized, ephemeral container workloads. There's also increased use of open source software that presents additional risks.

Continue reading →

Many enterprises have adopted DevOps practices in order to streamline their development. But security is all too often treated as an afterthought.

There is of course a way around this which is to integrate security into the DevOps pipeline, in other words move to DevSecOps.

Continue reading →

While 83 percent of IT decision makers say their organizations are implementing DevOps practices, many have stalled at a mid-stage of evolution.

A report from infrastructure automation company Puppet shows that it isn't technology but rather cultural blockers which remain the biggest hurdle to reaching DevOps maturity.

Continue reading →

New research from Deep Instinct finds that 78 percent of SecOps professionals are concerned that cyber adversaries will develop and deploy AI to cause a global cyber incident in the next 12 months.

The study of 600 IT and cybersecurity professionals finds more than half of respondents believe ransomware or zero-day attacks are the biggest threats to their organization.

Continue reading →

Site reliability engineering (SRE), SecOps and developer teams are all supposed to be on the same side.

But mismatches in incentives between these groups can lead to challenges surrounding how and what information is shared across siloed teams. This creates a hazard where one team can shift deployment risk to another team, with no accountability back to the originating team.

Continue reading →

The transition to agile development, the rise of microservices, and an increased reliance on cloud services for business operations due to the pandemic have all contributed to an explosion in software development and a dramatic reduction in software delivery time.

But as the speed and complexity of application development skyrockets, application security professionals increasingly find themselves unable to keep up. Silicon Valley startup ArmorCode has produced a next-generation application security solution that consolidates three key AppSec needs into a single intelligent platform and it's raised $3 million in seed financing to develop it further.

Continue reading →

The single most important driver of DevSecOps programs is improving the security, quality, and resilience of software, according to a new report. But insufficient automation in software development is the number one cause of delays in product releases.

The study from Security Compass shows bringing technology to market faster is the second most important driver, while cost reduction is the least important.

Continue reading →

DevSecOps methodology is an important, rapidly growing trend worldwide, with 63 percent of respondents to a new study reporting they are incorporating some measure of DevSecOps into their software development pipelines.

The survey of 1,500 IT professionals conducted by the Synopsys Cybersecurity Research Center (CyRC) and Censuswide also shows 33 percent have DevSecOps in a mature or widely deployed state in their business.

Continue reading →

In order to meet short deployment cycles, 73 percent of security professionals and developers feel forced to compromise on security according to a new report.

The study into DevSecOps from open source security and license management specialist WhiteSource, based on responses from over 560 developers in the US and Europe, finds that 20 percent of respondents describe their organizations' DevSecOps practices as 'mature', while 62 percent say they are improving, with only 18 percent being classed as 'immature'.

Continue reading →

DevSecOps, the integration of security into DevOps processes, is in increasingly common use. Logging and log management play a critical role in helping to put DevSecOps principles into practice by ensuring that developers, IT operations staff, and security teams have the visibility and communication pipelines they need to prioritize security at all stages of the DevOps delivery cycle.

We spoke to Ryan Staatz, systems architect and head of DevOps at LogDNA to discuss how log management fits in the toolchain of technology and practices that create a successful DevSecOps initiative.

Continue reading →