Operations | Monitoring | ITSM | DevOps | Cloud

DevSecOps

Modeling and Unifying DevOps Data

“How can we turn our DevOps data into useful DevSecOps data? There is so much of it! It can come from anywhere! It’s in all sorts of different formats!” While these statements are all true, there are some similarities in different parts of the DevOps lifecycle that can be used to make sense of and unify all of that data. How can we bring order to this data chaos? The same way scientists study complex phenomena — by making a conceptual model of the data.

Government Organizations Embrace Upskilling In-House IT Staff to Meet the Latest Executive Orders

This post was co-written by Nazhin Beiramee, Jazmin Childress, Kevin Clark, and Nick Weiss. Advancement in technology, along with the ever changing political landscape (e.g., the Executive Order on Transforming Federal Customer Experience and Service Delivery to Rebuild Trust in Government, as well as billions in funding to support this mandate, and a potential administration change after the 2024 election) uncover new needs, opportunities, and demands for government organizations.

An Insider Look at Zero Trust with GDIT DevSecOps Experts

As cyber attacks have become ever more sophisticated, the means of protecting against cyber attacks have had to become more stringent. With zero trust security, the model has changed from “trust but verify” to “never trust, always verify.” Joining D2iQ VP of Product Dan Ciruli for an in-depth discussion of zero trust security was Dr. John Sahlin, VP of Cybersolutions at General Dynamics Information Technology (GDIT), and David Sperbeck, DevSecOps Capability Lead at GDIT.

SBoMs Are Growing Up: Reflections on CISA's SBoM Conference

Last month, the Cybersecurity and Infrastructure Security Agency (CISA) organized a one-day software bill of materials (SBoM)-centric conference, both amusingly and aptly entitled SBoM-a-Rama. It was a hybrid event allowing for both in-person and remote participation; I chose the latter. As a long-term security practitioner, I’ve been observing the development of this field with great enthusiasm, but always from the periphery.

The DevSecOps Toolchain: Vulnerability Scanning, Security as Code, DAST & More

DevSecOps is a philosophy that integrates security practices within the DevOps process. DevSecOps involves creating a ‘security as code’ culture with ongoing, flexible collaboration between release engineers and security teams. The main aim of DevSecOps is to make everyone accountable for security in the process of delivering high-quality, secure applications. This culture promotes shorter, more controlled iterations, making it easier to spot code defects and tackle security issues.

DevSecOps and DevOps: Key Differences

DevOps and DevSecOps have gained more attention in recent years in the world of software development. While both of these methodologies emphasize the agile development process and team collaboration, there are some key differences that distinguish them. Understanding these distinctions is critical for software development teams and organizations to determine which methodology is best suited to their requirements. In this article, we’ll learn about the difference between DevOps and DevSecOps.

The Dark Side of DevSecOps and the case for Governance Engineering

For today’s software organizations security has never been more top of mind. On one side there is the present and growing threat of being hacked by malicious actors, set out in Crowdstrike’s recent Global threat report. And, on the other, there is a wave of cybersecurity regulation from the government to mitigate such cybersecurity vulnerabilities.

Supply Chain Levels for Software Artifacts (SLSA)

Supply chain Levels for Software Artifacts (SLSA) is a security framework that assists in ensuring the integrity of software artifacts throughout the software supply chain. The Open Source Security Foundation (OpenSSF) introduced SLSA in 2021 to protect software from sources through deployment by helping organizations to counter critical threats. SLSA provides a model for improving supply chain security and integrity, and offers guidance for solving issues related to developer or build systems as exploitable security vectors.

How your development team can streamline release management with the right collaboration platform

More than 26,000 software vulnerabilities were discovered in 2022 – a new record – and critical vulnerabilities were up 59% over 2021, the previous record-high year. In other words, despite years of DevSecOps, software doesn’t seem to be getting more secure. Release management can help. A crucial goal of release management is vulnerability-free software.

DevSecOps: A Modern Security Model for Digital Transformation

Developers and security experts are now tasked with bolstering, extending, and adjusting cloud and Kubernetes security to protect against cyberattacks that are ever more complex, volatile, and frequent. To foil attacks and create a secure foundation for applications and infrastructure from the beginning, DevSecOps (Development, Security, and Operations) has become the trending development and operations practice. In the DevSecOps model, security becomes a shared responsibility.