In Las Vegas, agile and DevOps leaders discuss challenges and approaches for driving transformations that actually work.
Application Security pioneer and OWASP co-founder Jeff Williams discusses software supply chain attacks with Coveros CEO Jeff Payne.
Software security expert and CEO Jeff Payne discusses best practices for protecting your software delivery process from supply chain attacks in our next Coveros Conversation.
Explore four different threat modeling methodologies—STRIDE, PASTA, Trike, VAST—and assess their strengths and weaknesses.
Every day organizations incorporate DevSecOps into their software development, security, and operations practices to ensure they can build critical security controls into their agile software delivery. According to one survey, 84 percent of respondents said it’s difficult to reduce risk to their applications because they’re not able to monitor, detect, and prevent attacks at the application level. […]
DevSecOps shifts security practices left and assures earlier that your application isn’t vulnerable to breaches. But convincing a security group to get on board with your DevSecOps journey may not be an easy task. These four points can help you prove to your security group that DevSecOps is in everyone’s best interest.
With the trend toward a more continuous delivery and deployment process, late-lifecycle activities like security assurance present a significant hurdle to continuously delivering value to customers. DevSecOps addresses this by shifting security assurance activities, personnel, and automation closer to development.
I recently had the opportunity to do a web seminar with Jeff Payne about using open source tools for DevSecOps. In our discussion, I made the point that the goal of DevSecOps is to make application security a first-class citizen in the DevOps process. Making application security a first-class citizen improves the quality of your […]
DevOps means different things to different people. To me, it is a culture of communication and collaboration across the entire team. In DevOps, we have a software delivery pipeline that checks, deploys, and tests every build. The goal is to give us confidence that we are producing a viable candidate for production, so we have […]