Cybersecurity experts weigh in on the National Institute of Standards and Technology (NIST)'s updated guidelines for maintaining software supply chain security.
Amid an increased focus on the software supply chain, cybersecurity professionals and software developers and maintainers can foster clear communication to incorporate security into software from the start.
Where does the responsibility for code vulnerabilities lie, and how can cybersecurity leaders address these vulnerabilities? Find tools for determining the security of code and mitigating cyber risk in your organization.
A multi-use commercial and residential building will be secured by an access control and visitor management system from AMAG Technology and West Fire Systems. Read more about the tools used in this security case study.
Business leaders need security solutions that adapt to their environment and build off of the foundations they’ve set. New research from Johnson Controls highlights key areas of change that security executives can monitor.
A new report from Veriff analyzes data about the cybersecurity workforce, finding strong cybersecurity industries in the United States, Brazil and Mexico. The report also details which jobs are the most in-demand, having researched global job boards and roles at cybersecurity companies.
App security is too important to be an afterthought. With the threats facing modern web applications, organizations need to find a new way to ensure protection without impeding innovation. To move forward, security and DevOps will need to work together to solve the challenges they face—in terms of both security and organizational politics.
A more foundational goal is to make security and compliance part of the development process from the start. This is a transition that requires DevOps to bring along risk, security and compliance teams into the shared responsibility of making the organization resilient to change. But bringing the idea of shared responsibility to fruition can be difficult because there is a natural tension between DevOps and SecOps, as they have different charters and cultures. DevOps can be seen as more of a do culture (Atlassian calls this a “do-ocracy”) and SecOps can be seen as a control culture and they are inherently in conflict. To fulfill the promise of teaming for shared responsibility, DevOps and SecOps should align on three key objectives: collaboration, communication and integration.
Meet Ali Golshan, CTO and co-founder at StackRox, a Mountain View, Calif.-based leader in security for containers and Kubernetes. Prior to StackRox, he was the Founder & CTO of Cyphort (acquired by Juniper Networks) and led the company's product strategy and research initiatives. Previously, he worked as a security researcher and engineer at Microsoft and PwC. His career started in government, conducting security and vulnerability research for the intelligence community. Here, we talk to Golshan about the benefits of DevOps.
If you’re in business today, no matter what your “core” product or service is, you are almost certainly a software company. It is nearly impossible to run a business without it. That means you should know about the Building Security In Maturity Model—better, and more conveniently, known as the BSIMM.
.webp?height=168&t=1644856006&width=275 "software developer")
