Blog Posts Tagged with "DevOps"

0e4d50f3874398fa86bb0633f1cd7ee4

“You’re Both Right…Now Go To Your Rooms!”

October 02, 2018 Added by:Reuven Harrison

Traditionally, DevOps and security have butted heads, which causes a stalemate.

Comments  (0)

Ffc4103a877b409fd8d6da8f854f617e

Study Shows Few Organizations Achieving "Full DevOps" Maturity

January 12, 2016 Added by:InfosecIsland News

According to the results of a new global study, commissioned by CA Technologies (NASDAQ:CA), only 20 percent of organizations that have attempted to implement DevOps have fully deployed it.

Comments  (0)

A1f4c2dd4be7f118911ec4e0df35aab1

Here’s How The Amazing Twitter Infosec Team Helps DevOps

December 25, 2012 Added by:Gene Kim

Want to see how infosec integrates into a DevOps work stream? Watch this fantastic talk by Justin Collins, Neil Matatall, and Alex Smolen from Twitter, called “Put Your Robots To Work: Security Automation at Twitter..."

Comments  (0)

1de705dde1cf97450678321cd77853d9

Migrating South: The Devolution Of Security From Security

December 20, 2012 Added by:Ian Tibble

Is the typical security portfolio of system administrators wide enough to form the foundations of an effective information security program? Not really. In fact its some way short. Security Analysts need to have a grasp not only on file system permissions, they need to know how attackers actually elevate privileges...

Comments  (0)

A1f4c2dd4be7f118911ec4e0df35aab1

Believe It or Not, DevOps and Infosec Are a Perfect Culture Match

October 14, 2012 Added by:Gene Kim

By integrating automated security testing into the deployment pipeline, just as the functional and integration tests are, information security testing becomes part of the daily operations of Development. As a result, security defects are found and fixed more quickly than ever...

Comments  (0)

0a8cae998f9c51e3b3c0ccbaddf521aa

Rediscovering Our Way: OWASP AppSec Ireland 2012

September 20, 2012 Added by:Rafal Los

We can't expect the OWASP community to continue forward as a collection of application-security focused professionals without developer outreach, education, and more outreach. Application (and software) security isn't about security people at all, it's about developers...

Comments  (0)

0a8cae998f9c51e3b3c0ccbaddf521aa

Are Applications and Services on the Public Cloud Secure?

September 15, 2012 Added by:Rafal Los

Any application that was built to be secured independently of the environment will do as well in a public cloud as it did in your private data center. If you build the application to be low-risk independent of your environmental controls you shouldn't have to worry where it lives...

Comments  (0)

0a8cae998f9c51e3b3c0ccbaddf521aa

The SDLC Knowledge Gap in Motion: DevOps to the Rescue?

September 12, 2012 Added by:Rafal Los

I can't tell you the fun things we found in this pre-production environment when we started digging around during security testing. No, really, I can't tell you, but rest assured it didn't end with misconfigurations, or accidental code bits being included...

Comments  (0)

0a8cae998f9c51e3b3c0ccbaddf521aa

Buggy out the Door: Externally Discovered Defects (EDD)

August 15, 2012 Added by:Rafal Los

What if 25% of your bugs actually ARE discovered by your customers? There is a collision of a few things here that makes this matter a lot less simple than we'd like, and a lot less convenient if you think you have a solution to the problem, but in the end it is a problem...

Comments  (0)

0a8cae998f9c51e3b3c0ccbaddf521aa

Unsafe at Any Speed: Enterprises Misunderstand Software Quality

August 13, 2012 Added by:Rafal Los

I had a hard time believing that "going faster" could be more secure. It was difficult to wrap my brain around how deploying code in more rapid succession could mean that the code deployed could actually be safer... but I believe that to be true now. The one caveat here is "if it's done right"...

Comments  (0)

0a8cae998f9c51e3b3c0ccbaddf521aa

Deploying Code Faster as a Security Feature?

July 24, 2012 Added by:Rafal Los

What if deploying faster is actually a security feature? I can empathize with the frustration many security professionals feel when they find a critical issue in an application only to be told that the patch will be rushed in about 3 months. I'd certainly love to hear that the update will be shipped this afternoon...

Comments  (1)

0a8cae998f9c51e3b3c0ccbaddf521aa

Software Security Assurance: Figuring Out the Developers

July 18, 2012 Added by:Rafal Los

From organizations that don't care about the security of their applications to to those that follow "best practices", to those that never stop spending money and trying to improve - they all have one thing in common: They've experienced a security incident of varying levels of calamity...

Comments  (0)

0a8cae998f9c51e3b3c0ccbaddf521aa

The Resilient Enterprise: Resolving Issues Faster

July 03, 2012 Added by:Rafal Los

How can we both restore service quickly and solve a long-term systemic problems when we can't always tell that two issues are even related? Optimize the analysis between changes, connected systems and components to figure out dependencies in cases such as linked and distributed failures...

Comments  (0)

0a8cae998f9c51e3b3c0ccbaddf521aa

The Resilient Enterprise: Learning to Fail Part 2

June 25, 2012 Added by:Rafal Los

Failing with the support of a DevOps tribe can lead to a more resilient enterprise and ultimately better enterprise security. In the following few sections we're going to take a look at combining tools, processes and the tribe mentality to solve some otherwise ugly problems - and come out the other side...

Comments  (0)

0a8cae998f9c51e3b3c0ccbaddf521aa

The Resilient Enterprise: Learning to Fail

June 22, 2012 Added by:Rafal Los

If the agile enterprise is to become a reality, not just something we talk about and write books about, then it needs to be a core ideal, served by every technical and non-technical function and products and services to enable that core ideal. The road to the agile enterprise starts with an awakening to DevOps...

Comments  (0)

0a8cae998f9c51e3b3c0ccbaddf521aa

Software Security is a Business Problem

June 14, 2012 Added by:Rafal Los

Information Security hasn't figured out how to actually approach the problem of insecure code. Security is still largely seen as the "not my problem" problem. It's not that developers have singled out security as something they want to ignore - it's that they've got too many other things to worry about...

Comments  (0)

Page « < 1 - 2 > »