Software Integrity

Archive for the 'DevOps' Category

 

Making the skies safe and secure with DO-178C compliance

A little background on DO-178: We live with software failure every day—from cell phones and laptops that crash or hang to headline-grabbing stories of personal data breaches. Software has been used in safety-critical airborne applications for decades, but fatalities caused by software are unheard of in civil aviation. Why this difference? The reason is the […]

Posted in DevOps, Software Quality, Static Analysis (SAST), Weekly Security Mashup

 

Enable DevSecOps with Coverity: deliver secure code, faster

The timeless demand to reduce time to market has put DevOps in a position to solidify itself as a defining characteristic of modern SDLCs. While the need to accelerate software development is as old as software development is, the need to produce secure software is currently gaining traction in light of recent software security blunders. […]

Posted in CI/CD, DevOps, Static Analysis (SAST)

 

5 essentials for getting your bearings in a DevSecOps world

As we rapidly move toward DevSecOps, it’s worthwhile to take a breath and orient ourselves. Development and operations teams have already come a long way by aligning around the shared goal of delivering stable, high-quality software—quickly. By automating manual processes and building tools into the continuous integration and continuous delivery (CI/CD) pipeline, they’ve increased trust […]

Posted in Application Security, DevOps, Software Security Testing

 

North Korea hacking, JScript RCE, World Cup a cyberthreat target?

Software Integrity Insight is your resource on the cyber security and open source security news that made headlines this week, including news on North Korea hacking, the remote code execution vulnerability exposed in JScript, and how the World Cup 2018 might be a ripe target for cyber crime. Read on! The Cybersecurity 202: North Korea […]

Posted in Application Security, DevOps, Open Source Licenses, Open Source Security

 

OpsSight Container Security 2.0, Integrating SAST into DevSecOps, building hacker-proof voting

Black Duck by Synopsys announces OpsSight 2.0. Abbott strengthens pacemaker software against vulnerabilities. A year after disclosure, the Struts vulnerability is still a danger to thousands of companies. And the new Synopsys Security Mashup video is up. Software Integrity Insight is your resource on the cyber security and open source security news that made headlines […]

Posted in Application Security, Blockchain Security, Containers, DevOps, Medical Device Security, Static Analysis (SAST)

 

How to integrate SAST into the DevSecOps pipeline in 5 simple steps

Static application security testing (SAST) is the process of examining source code for security defects. SAST is one of the many checks in an application security assurance program designed to identify and mitigate security vulnerabilities early in the DevSecOps process. Integrating SAST tools into DevSecOps processes is critical to building a sustainable program. The automation […]

Posted in DevOps, Static Analysis (SAST)

 

Infographic: What’s with the security / DevOps disconnect?

Posted in Application Security, CI/CD, DevOps

 

8 takeaways from NIST’s Application Container Security Guide

Companies are leveraging containers on a massive scale to rapidly package and deliver software applications. But because it is difficult for organizations to see the components and dependencies in all their container images, the security risk associated with containerized software delivery has become a hot topic in DevOps. This puts the spotlight on operations teams […]

Posted in Application Security, Containers, DevOps

 

A new study finds that security in DevOps processes is lagging

According to a new study conducted by 451 Research and Synopsys, security in DevOps processes is lagging despite advantages and opportunities. While many organizations are still in the early days of replacing organizational silos with DevOps teams implementing continuous integration and continuous delivery (CI/CD) workflows, the benefits of streamlined, collaborative development approaches are clear: They […]

Posted in DevOps

 

RSA news, Israel shifts to open source, latest on TaskRabbit breach

RSA happened last week, and a ton of news—some gloomy, some encouraging—has come from the world’s largest cyber security conference. The Israeli government follows Great Britain, the U.S., and France and moves to open source. TaskRabbit pledges “more security” after a data breach, and nine things you can expect to have an impact on cyber […]

Posted in Application Security, Data Breach, DevOps, Open Source Security, Security Conference or Event