How to champion security in DevOps
Making the shift from DevOps to DevSecOps requires better communication, which you can help your teams accomplish with security training and enablement.
Posted in Agile, CI/CD & DevOps, Application Security
Taylor Armerding
Taylor Armerding is an award-winning journalist who left the declining field of mainstream newspapers in 2011 to write in the explosively expanding field of information security. He has previously written for CSO Online and the Sophos blog Naked Security. When he’s not writing he hikes, bikes, golfs, and plays bluegrass music. Follow him on Twitter @tarmerding2.
Posts by Taylor Armerding:
How DevSecOps done right makes application security easier
How do you integrate application security into DevOps? By enabling your developers to address security issues with automation, integration, and training.
Posted in Agile, CI/CD & DevOps, Application Security
Security bugs and flaws: Both bad, but in different ways
Security flaws are different from bugs, but they endanger the security of applications and systems just the same. Here’s how to find and fix design flaws.
Posted in Software Architecture & Design
Drop the knife and back away from the AppSec budget
Tempted to cut your application security testing budget to cover shutdown losses? Remember that compromised assets are an even greater existential threat.
Posted in Application Security
5 software security courses to boost your skills, even under isolation
We’ve chosen five software security courses to help you and your team members prepare for the future of software development—no matter what it looks like.
Posted in Security Training & Awareness
The shift to remote work makes red team testing more important than ever
Closing your office cuts off several attack vectors—but remote working creates thousands more. Here’s why a red team assessment is so essential right now.
Posted in Data Breach Security
What the open source community can teach the suddenly remote workforce
Productive remote teamwork is possible. Just ask the open source community, who has been doing it for years. Here are some top tips for working remotely.
Posted in Developer Enablement
DevSecOps success takes people, not just technology
Want DevSecOps? Here are some tips to get your development, security, and operations teams communicating effectively and working toward a single purpose.
Posted in Agile, CI/CD & DevOps
How to deal with legacy vulnerabilities
Are you releasing software with legacy vulnerabilities that you put aside to address later but forgot about—or that you didn’t even know were in your code?
Posted in Application Security, Open Source Security
What is security debt, and how do I get out of it?
Security debt refers to the accumulation of vulnerabilities in your software that make it harder to protect your data and systems. How do you get rid of it?
Posted in Application Security
How DevSecOps done right makes application security easier
How do you integrate application security into DevOps? By enabling your developers to address security issues with automation, integration, and training.
Posted in Agile, CI/CD & DevOps, Application Security
Security bugs and flaws: Both bad, but in different ways
Security flaws are different from bugs, but they endanger the security of applications and systems just the same. Here’s how to find and fix design flaws.
Posted in Software Architecture & Design
Drop the knife and back away from the AppSec budget
Tempted to cut your application security testing budget to cover shutdown losses? Remember that compromised assets are an even greater existential threat.
Posted in Application Security
5 software security courses to boost your skills, even under isolation
We’ve chosen five software security courses to help you and your team members prepare for the future of software development—no matter what it looks like.
Posted in Security Training & Awareness
The shift to remote work makes red team testing more important than ever
Closing your office cuts off several attack vectors—but remote working creates thousands more. Here’s why a red team assessment is so essential right now.
Posted in Data Breach Security
What the open source community can teach the suddenly remote workforce
Productive remote teamwork is possible. Just ask the open source community, who has been doing it for years. Here are some top tips for working remotely.
Posted in Developer Enablement
DevSecOps success takes people, not just technology
Want DevSecOps? Here are some tips to get your development, security, and operations teams communicating effectively and working toward a single purpose.
Posted in Agile, CI/CD & DevOps
How to deal with legacy vulnerabilities
Are you releasing software with legacy vulnerabilities that you put aside to address later but forgot about—or that you didn’t even know were in your code?
Posted in Application Security, Open Source Security
What is security debt, and how do I get out of it?
Security debt refers to the accumulation of vulnerabilities in your software that make it harder to protect your data and systems. How do you get rid of it?
Posted in Application Security
