Operations | Monitoring | ITSM | DevOps | Cloud

The xz backdoor is a vulnerability in XZ Utils, a popular data compression library. The xz backdoor can let unauthorized users gain admin-level access to systems, endangering data security and much more. Read on to learn more about the xz backdoor, who’s affected, and what you can do now to find out if your systems are at risk.

Patch management software automatically applies updates to software, firmware, and other system components. Patching makes sure resources are up to date with the latest security and performance improvements to keep software protected and performing as expected.

Platform engineering metrics and/or platform engineering KPIs (Key Performance Indicators) can help us measure the success of this evolving approach and its impact on DevOps. According to our 2024 State of DevOps Report: The Evolution of Platform Engineering — 43% of organizations report that they have had a platform team from 3-5 years already. With this maturity, it’s important to measure what’s working and what isn’t working using the same indicators of success across the board.

SOC 2 compliance requirements (Service Organization Controls Type 2) ensure that customer data stays private and secure — essential for any business that stores or processes sensitive data. In this blog, we’ll explore the specifics of SOC 2 compliance, and provide a solution to help you automate and enforce SOC 2 compliance going forward.

Your cloud platform probably came with tools to secure and manage the resources you create. We call those cloud-native security tools because they’re proprietary to the vendor you’re using them on. Third-party alternatives, on the other hand, are usually created to be compatible with several cloud provider platforms at once.

Security and compliance are important in any organization. And most organizations use open source software (OSS) somewhere in their application stack. Open source compliance keeps OSS technologies secure by making sure they’re used in a way that aligns with security best practices, internal policies, and regulatory expectations.

What does the platform engineering roadmap look like as we head into its continued maturity? We recently conducted a survey to better understand the role and state of platform engineering — emphasizing those organizations who are using this tactic to greater success. Using this data, we will peek into the future and see where platform engineering is headed next.

Role-based access control (RBAC) is a way to secure IT systems and networks by limiting access to roles that can be assigned to individuals and groups of users. It makes sense for just about any IT team. After all, not everyone needs access to everything in a system, right? Different roles have different responsibilities, and those responsibilities require access to different things. RBAC makes sure that only the users who need access to certain services and resources have it.

Why make a migration from Ansible to Puppet — or in some cases, start with Puppet over Ansible right out of the gate? In this blog, we’ll explore some common reasons that organizations say they chose Puppet over Ansible, citing specific use case examples around the functionality of each platform.