Organizations face major challenges gaining visibility into networks that grow more complex by the day, and Corelight CEO Brian Dye says the open-source community can help with gathering evidence and insights from networks so that the perimeter is better secured.
WhiteSource has renamed itself Mend as the company pushes beyond software composition analysis to become a broad application security platform with automated remediation. The name WhiteSource didn't have any negative connotations when the company was founded, but some people today find it offensive.
The Linux Foundation and the Open Source Security Foundation have put forth a nearly $150 million investment plan, spread across two years, to strengthen open-source security in the U.S. The plan was announced at the Open Source Software Security Summit II in Washington, D.C., on Thursday.
In light of research saying 41% of organizations had an API security incident in the last year and 63% of the incidents involved a data breach or loss, Filip Verloy of Noname Security discusses how tighter integration of API security testing and other "shift left" strategies can mitigate breaches.
How do we reflect on the Log4j crisis and emerge with lessons learned to apply to the next big application security incident? Julian Azaret shares insights, including how ITOps and SecOps must collaborate in new ways to ensure better preparedness.
Fresh from the Log4j mitigation sprint, enterprises now find themselves confronting cultural barriers between application development and security. Larry Maccherone of Contrast Security shares insight on how to tear down these walls and incentivize new behaviors.
As ransomware threats continue to grow in 2022, cyber insurance companies have clearly stated that they do not want to talk about the "cyber" part of insurance, says Sri Lanka-based Sujit Christy, group CISO at John Keells Holdings PLC.
"Mainframe" and "modernization" are not often used in the same sentence. But Eric Odell and Paul Allard of BMC Software share a mainframe DevOps strategy that can result in cost savings, automation efficiencies and reduced risk of mainframe defects.
Researchers at Cider Security have uncovered a security loophole in GitHub Actions that allows adversaries to bypass the required reviews mechanism and push unreviewed code to a protected branch, allowing it into the pipeline to production.
As the risks to IT and OT converge, organizations must use "zero trust" to verify user identities and build effective monitoring capabilities to track the behavior of privileged users, say Kartik Shahani of Tenable and Rohan Vaidya of CyberArk.
Amid digital transformation initiatives, the application shift to the cloud has been happening at a historic pace. James Brotsos of Checkmarx and James Ferguson of AWS discuss what this shift means for securing cloud DevOps and what each of their organizations brings to their partnership.
Travis CI, a Berlin-based continuous integration testing vendor, has patched a serious flaw that exposed signing keys, API keys and access credentials, potentially putting thousands of organizations at risk. Those using Travis CI should change their secrets immediately.
To make the transformation to a DevSecOps approach, enterprises must slowly change the corporate culture by finding early adopters and starting small, says Sean D. Mack, CIO and CISO at Wiley, an education and research company.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing cio.inc, you agree to our use of cookies.