Operations models are coming at us fast and furious these days. To top that off, DevOps and DevSecOps adoption and maturity are only increasing during the pandemic. It’s now incumbent for DevOps and DevSecOps teams to get all their system configurations under the same level of control and governance as they do with their application …
How GitOps plays in a DevOps and DevSecOps World Read More »
SolarWinds and now Codecov point to the need for enterprises to better manage how they procure and intake open source software (OSS) into their DevOps life-cycle. While OSS is “free” it’s not without internal costs as you procure the software and bring it to bear in your enterprise software. Here are five open source procurement …
As the tech industry continues to gather lessons learned from the SolarWinds and now Codecov breaches, it’s safe to say that artificial intelligence and machine learning are going to play a role in the future of DevSecOps. Enterprises are already experimenting with AI and ML with the hopes of reaping future security and developer productivity …
We aren’t about to stop hearing about the need for a software bill of materials (SBOM) and software supply chains security anytime soon. You can expect more news about a Presidential executive order about SBOMs and a new software supply chain breach at Codecov that we’re all still learning more about. Impending Executive Order about …
2 SBOM & Supply Chain Security News Items to Watch Read More »
The Continuous Authority to Operate (cATO), sometimes known as the Rapid ATO, is becoming necessary as the DoD and civilian agencies are putting more applications and data in the cloud. Speed and agility are becoming increasingly critical to the mission as the government seeks new features and functionalities to support the warfighter and other critical US …
Continuous Authority to Operate: The Realities and the Myths Read More »
It’s time to make evaluating and mitigating software supply chain security risks at the top of mind as government agencies, corporations, industry analysts, and security firms try to chart a course forward for supply chain security after the SolarWinds hack. Security Challenges Here are some software supply chain security challenges you should keep at top …
Software Supply Chain Security: Now is the Time to Act Read More »
As organizations open up the software bill of materials (SBOM) to their security teams, there is a future of the SBOM as source data for threat intelligence is becoming abundantly clear. Applying intelligence to SBOM data is a natural step in a world where DevOps and DevSecOps teams use a range of tools and technologies …
The SBOM + Threat Intelligence are the Future of Software Supply Chain Security Read More »
The software bill of materials (SBOM) is gaining renewed attention and notoriety post-SolarWinds. More companies and government agencies seek deeper transparency into the software components entering their software supply chain. While there are critics out there that believe that the SBOM is a misguided concept for DevSecOps, the continuing evolution of DevSecOps, much less the …
The software bill of materials (SBOM) and the open source software (OSS) communities have long had close ties because of their community governance models and strategies. However, OSS projects often don’t ship with SBOMs. 90% of enterprise IT leaders are using enterprise open source today, according to Red Hat’s The State of Enterprise Open Source …
The Software Bill of Materials (SBOM) through an Open Source Lens Read More »
The role of the SBOM in software development and software supply chain security is gaining renewed attention in the aftermath of the SolarWinds Compromise. Here’s an overview of the SBOM, the standards that govern it, and the evolving role it’s playing in software supply chain security. What Is an SBOM? A software bill of materials …
Getting to Know and Love Your Software Bill of Materials (SBOM) Read More »