DevSecOps
Update to Open Source ZAP Tool Improves DAST Performance
An update to the OWASP Zed Attack Proxy (ZAP) open source dynamic application security testing (DAST) tool made available today improves performance by employing a multi-threaded passive scanner engine. Version 2.12.0 of ...
PlanSecOps: Incorporating Security Strategies in Design
Organizations that don’t adapt and change aren’t likely to survive. The same can be said about DevSecOps, a discipline created to ensure security is baked into the software development process, not an ...
The Scariest Things About SCA
It is a time of ghouls, mischievous spirits and David S. Pumpkins. In the spirit of Halloween, here are the top five scariest limitations of software composition analysis (SCA) tools that are ...
Meta Income Down by Half | Will Apple Make it Worse? | Linux Secure Boot Fix
In this week’s The Long View: Meta’s latest results are very bad, Apple wants its cut of Facebook ads, and Lennart Poettering proposes improving Secure Boot for Linux ...
Sigstore Code Signing Service Becomes Generally Available
A free digital signing service for software created by the Sigstore open source community has become generally available this week via the cloud. Announced at the SigstoreCon event that occurred during the ...
JFrog Gives Pyrsia to CD Foundation to Secure Software Supply Chains
At the KubeCon + CloudNativeCon North America conference this week, JFrog announced it contributed the Pyrsia project, which uses blockchain technologies to secure software packages, to the Continuous Delivery (CD) Foundation. Stephen ...
Three Ways to Speed up SAST
In modern, continuous software development life cycle (SDLC) processes, when code is written and before it’s committed to the repository, it’s run through testing, which may include unit testing, regression testing or ...
Why You Should Consolidate Your IAM
It’s not often you can get a win that makes your IT processes easier while simultaneously improving your cybersecurity. In fact, oftentimes making improvements in one area (for example, improving IT processes) ...
Sonatype Report Surfaces Scope of Known Vulnerability Challenge
Sonatype this week published a State of the Software Supply Chain Report that found a 633% year-over-year increase in malicious attacks aimed at open source software residing in public repositories. In addition, ...
Making SBOMs Actionable
A software bill of materials (SBOM) is a list of all the software components found in a given codebase or used in a given software build. Great. So, now what? Why do ...
JFrog Adds Module to Better Secure Software Supply Chains
JFrog today added a JFrog Advanced Security module to its Artifactory repository that enables DevOps teams to scan both binaries and source code for vulnerabilities and misconfigurations. Stephen Chin, vice president of ...
Keeping the DevOps Pipeline Flowing as Attack Surfaces Grow
The attack surfaces that today’s businesses and public entities must manage have never been more complex and difficult to protect. The introduction of cloud and SaaS offerings over the past decade has ...