Tag: DevSecOps

60% of Organizations Suffered a Container Security Incident in 2018, Finds Study

Many organizations have DevOps on their mind going into 2019. Firms will confront growing complexity and risk as they work to scale their DevOps initiatives in 2019. Part of this risk will come from their containers, for many organizations still lack transparency into these software pieces.

If they are to adequately mitigate their risk and minimize their exposure to digital threats, organizations will need to secure their containers. But are they prepared to do this? Tripwire’s State of Container Security Report found that 60 percent of organizations had been hit with at least one container security incident within the past year.

Read more about the findings of the new report on Tripwire.

DevSecOps is having a positive impact on security, but the state of security still has a long way to go

Even with a stronger focus on security this year, most software is still riddled with security vulnerabilities. According to Veracode’s State of Software Security (SOSS) report, 87.5 percent of Java applications, 92 percent of C++ applications, and 85.7 percent of .NET applications contain at least one vulnerability. In addition, over 13 percent of applications contain at least one critical vulnerability.

“Our annual SOSS data puts hard evidence on the table to explain why so many security professionals experience anxiety when they think about application security (AppSec),” the report stated.

Read more about the findings of the Veracode report on SD Times.

Only 8% of orgs have effective DevSecOps practices

92 percent of organizations struggle to implement security into the entire DevOps process despite most saying they want to do so – a staggering capability gap exposed in the new, global data report commissioned by Checkmarx.

The study spotlights the biggest barriers to securing software today depending on where organizations sit on the DevOps maturity curve. Report findings are based on online survey input from 183 respondents worldwide, the majority of whom hold software development, IT and security professional titles.

Read more about the findings of the new report by Checkmarx on Help Net Security.

Security as a Quality Gate for DevOps

It’s hardly a controversial statement to say that DevOps is changing the way that organizations build and deploy applications. There’s plenty of material, stories, whitepapers and whole companies that demonstrate this trend. There are, however, a couple of things that make a discussion about security and DevOps important.

First, while there are a lot of organizations that have adopted DevOps tools and processes, there are many, many more that haven’t. In other words, DevOps is still fundamentally an early-stage technological movement. The second reason is that DevOps is set to transform security, and no one is quite sure what that means, though there are a lot of opinions on the topic.

Read why Tim Erlin, VP of Product Management & Strategy at Tripwire, believes that any DevSecOps discussion should start by looking at the pervasive industry problems, and learn what these problems are, on Tripwire.

6 Ways DevOps Can Supercharge Security

As the DevOps movement goes mainstream, IT security leaders have one of the best opportunities in a generation to significantly move the needle on protecting against cybersecurity risk across the entire IT stack.

DevOps’ emphasis on cross-functional teaming, incremental improvements, and continuous delivery of software makes it the perfect model to finally integrate security directly into the IT delivery rather than tacking it on as an afterthought.

Read about six ways in which DevOps stands to boost security practices on DarkReading.

The Two Biggest Disruptions To Cybersecurity Since The Invention Of The Firewall

One might consider the firewall the most significant invention in cybersecurity in the last 30 years. The firewall has certainly evolved since its inception in 1988 and was recently upgraded to the next-generation firewall (NGFW). While NGFW is certainly part of the cybersecurity stack, it is no longer revolutionizing the way we protect our critical business assets.

Today’s cybersecurity strategies have been disrupted by two new models: the Zero Trust model and DevSecOps.

Read more about Zero Trust DevSecOps to learn why Nicolas Chaillan, former Special Advisor for Cybersecurity at DHS, believes that these two models have disrupted today’s cybersecurity strategies, on Forbes.