Americas

Asia

Europe

  • United Kingdom

Oceania

Popular Topics

Topics

About

Policies

Our Network

More

HomeDevSecOps

DevSecOps

Software Development | News, how-tos, features, reviews, and videos

Jump to
Latest Articles Events Resources Podcasts
news analysis
Image

Python GitHub token leak shows binary files can burn developers too

Scrubbing tokens from source code is not enough, as shown by the publishing of a Python Software Foundation access token with administrator privileges to a container image on Docker Hub.

By Lucian Constantin
11 Jul 20245 mins
DevSecOpsApplication SecuritySoftware Development
feature
Image

Software supply chain still dangerous despite a slew of efforts

By Cynthia Brumfield
10 Jul 202410 mins
Cloud SecuritySecurity PracticesSupply Chain
news analysis
Image

Windows path conversion weirdness enables unprivileged rootkit behavior

By Lucian Constantin
19 Apr 20245 mins
Windows SecurityThreat and Vulnerability ManagementVulnerabilities
feature

OWASP Top 10 OSS Risks: A guide to better open source security

By Chris Hughes
11 Apr 202411 mins
Threat and Vulnerability ManagementVulnerabilitiesOpen Source
news analysis

Dangerous XZ Utils backdoor was the result of years-long supply chain compromise effort

By Lucian Constantin
02 Apr 202410 mins
Data and Information SecuritySupply ChainVulnerabilities
news

Majority of commercial codebases contain high-risk open-source code

By Grant Gross
29 Feb 20244 mins
Security AuditsOpen SourceSoftware Development
feature

Roundup: Global software supply chain security guidance and regulations

By Chris Hughes
08 Jan 20248 mins
GovernmentSupply ChainSecurity Practices
news

Almost all developers are using AI despite security concerns, survey suggests

By John P. Mello Jr.
29 Nov 20234 mins
Development ToolsSecurity PracticesSupply Chain
feature

NIST provides solid guidance on software supply chain security in DevSecOps

By Chris Hughes
19 Oct 20239 mins
DevSecOpsSupply ChainSecurity Practices

Articles

feature

How CISOs can shift from application security to product security

Product security teams are becoming more popular for the in-depth security approach they take when compared to appsec teams. But there is more to it, which includes creating a security-conscious culture.

By Ericka Chickowski
30 Aug 2023 10 mins
Application SecuritySoftware Development
news

Arnica’s real-time, code-risk scanning tools aim to secure supply chain

Arnica adds new software supply chain security capabilities delivered through real-time code risk management tools.

By Shweta Sharma
16 May 2023 4 mins
DevSecOpsSupply ChainSoftware Development
news

GitGuardian’s honeytokens in codebase to fish out DevOps intrusion

GitGuardian honeytokens are decoy scripts designed to lure out attackers looking to target critical DevOps environments and enterprise secrets.

By Shweta Sharma
11 Apr 2023 4 mins
Intrusion Detection SoftwareSoftware Development
news

UK data regulator issues warning over generative AI data protection concerns

The UK's Information Commission’s Office reminds organizations that data protection laws still apply to unfiltered data used to train large language models.

By Charlotte Trueman
04 Apr 2023 3 mins
Data PrivacyGenerative AIArtificial Intelligence
feature

23 DevSecOps tools for baking security into the development process

Catch and remediate application vulnerabilities earlier and help integrate security in the the development process with these five categories of DevSecOps tools.

By James Martin and George V. Hulme
09 May 2022 8 mins
Application SecuritySecuritySoftware Development
news

Chainguard launches native Kubernetes compliance software Enforce

Chainguard’s Enforce is designed to help developers define and enact policies for container images to enable safer deployment.

By Shweta Sharma
27 Apr 2022 3 mins
Application SecuritySoftware Development
news analysis

GitHub makes Advisory Database public to improve software supply chain security

Researchers, academics, and enthusiasts can now contribute to and benefit from free, open-source security data on software supply chain vulnerabilities.

By Michael Hill
22 Feb 2022 3 mins
DevSecOpsSoftware Development
news analysis

NPM JavaScript registry suffers massive influx of malware, report says

The NPM JavaScript registry has experienced a jump in malware, including packages related to data theft, crypto mining, botnets, and remote code execution, according to security company WhiteSource.

By Shweta Sharma
03 Feb 2022 5 mins
SecuritySoftware Development
feature

Top 10 in-demand cybersecurity skills for 2021

The list of needed security skills is long and growing. Here's what experts say is driving the demand.

By Mary K. Pratt
15 Dec 2020 9 mins
IT SkillsRisk ManagementCareers
feature

How secure are your AI and machine learning projects?

Artificial intelligence and machine learning bring new vulnerabilities along with their benefits. Here's how several companies have minimized their risk.

By Maria Korolov
26 Nov 2020 14 mins
Application SecurityData and Information SecuritySecurity
feature

4 best practices to avoid vulnerabilities in open-source code

Open-source code in public repositories might contain malware or unintentional vulnerabilities. Here's how to best manage finding and mitigating potential problems.

By Ax Sharma
13 Aug 2020 7 mins
Application SecurityOpen SourceSecurity
feature

What is devsecops? Why it’s hard to do well

Devsecops is about introducing security earlier in the life cycle of application development, thus minimizing vulnerabilities and bringing security closer to IT and business objectives.

By Lucian Constantin
23 Jul 2020 10 mins
Application SecurityDevopsSecurity
View all

Resources

whitepaper

Best Practices in Cybersecurity and Cyber Resilience

In today’s digital world, consumers and employees expect organizations of all types and sizes to operate without interruption. In fact, contractual obligations and service level agreements demand it.

The post Best Practices in Cybersecurity and Cyber Resilience appeared first on Whitepaper Repository –.

By Cohesity Inc.
26 Aug 2024
Business OperationsCybercrimeData and Information Security
Image
whitepaper

Cyber resilience in the ransomware era

By Cohesity Inc.
26 Aug 2024
Business OperationsCybercrimeSecurity
Image
whitepaper

Unlock the power of AI and ML for data protection

By Cohesity Inc.
26 Aug 2024
Artificial IntelligenceBusiness OperationsMachine Learning
Image
View all

Video on demand

video

How to code an interactive shiny app to search Twitter: Do More With R bonus video

Learn how to turn code from Episode 41 into an interactive shiny Web app.

25 Jan 2020 16 mins
AnalyticsSoftware Development
See all videos

Explore a topic

Show me more

feature

How to ensure cybersecurity strategies align with the company’s risk tolerance

By Rosalyn Page
03 Sep 202410 mins
CSO and CISORisk Management
Image
news

North Korean hackers actively exploited a critical Chromium zero-day

By Shweta Sharma
02 Sep 20243 mins
Zero-day vulnerability
Image
feature

Ransomware recovery: 8 steps to successfully restore from backup

By Maria Korolov
02 Sep 202417 mins
RansomwareMalwareBackup and Recovery
Image
podcast

CSO Executive Sessions: Guardians of the Games – How to keep the Olympics and other major events cyber safe

07 Aug 202417 mins
CSO and CISO
Image
podcast

CSO Executive Session India with Dr Susil Kumar Meher, Head Health IT, AIIMS (New Delhi)

17 Jul 202417 mins
CSO and CISO
Image
podcast

CSO Executive Session India with Charanjit Bhatia, Head of Cybersecurity, COE, Bata Brands

08 Jul 202418 mins
CSO and CISO
Image
video

CSO Executive Sessions: Guardians of the Games – How to keep the Olympics and other major events cyber safe

07 Aug 202417 mins
RansomwareZero TrustCloud Security
Image
video

CSO Executive Session India with Dr Susil Kumar Meher, Head Health IT, AIIMS (New Delhi)

17 Jul 202417 mins
CSO and CISO
Image
video

Cybersecurity Insights for Tech Leaders: Addressing Dynamic Threats and AI Risks with Resilience

10 Jul 202424 mins
CSO and CISO
Image