Why ASPM is critical now—and how you can make it happen
By 2026, 40% of organizations will have an Application Security Posture Management (ASPM) solution in place, according to Gartner. What’s driving the need for ASPM solutions? The Cloud Security Alliance (CSA) recently surveyed 2,000+ practitioners to uncover pain points in vulnerability remediation and security posture management, and the results illuminate ...
The Narrow Escape from the xz Disaster
In the intricate world of the software supply chain, the recent near-miss incident with CVE-2024-3094, the xz/liblzma backdoor, serves as a potent reminder of our system's fragility and the constant vigilance required to safeguard it. In short, a widely used open source package was compromised to add a backdoor to its officially released ...
The Dazz Unified Remediation Platform is Here
Before co-founding Dazz, I felt the pain of trying to remediate security issues firsthand. While working as a part of the Microsoft Security Response Center, we witnessed a growing vulnerability backlog that made it extremely challenging to figure out what to fix first. We were already at the point of ...
The Road to Autonomous Cloud Security Remediation
Back in the data center days, a typical enterprise had one or two applications and one or two engineering teams to deploy them. When there was a vulnerability, an engineer could simply log into a server and fix it. The problem was that no one did that in practice, which ...
Pipeline sprawl in DevOps: It’s a thing
CI/CD pipeline sprawl is happening faster than you can rein it in. Companies are developing software in the cloud in a big way. Under the umbrella of digital transformation, and driven by customer expectations and competitive pressure, they’re building more software than ever — applications to run their business more efficiently, ...
How to remediate OpenSSL CVE-2022-XXXXX
BRIEF SUMMARY FOR THE UNINFORMED: Last Tuesday the OpenSSL project announced that they will be issuing a fix for a critical vulnerability with the release of OpenSSL 3.0.7. OpenSSL is the de facto standard implementation for SSL and TLS, which is how most traffic is encrypted these days. OpenSSL flaws are ...
Cloud security is broken but it doesn’t have to be
CONTINUOUS DELIVERY IS HERE TO STAY: Development is in the cloud in a big way. Modern engineering teams have built continuous integration pipelines, pulling together code repositories, continuous integration platforms, testing, orchestration, and monitoring tools within and across cloud platforms. We bolster this with mostly-automated, closed-loop DevOps workflows that emphasize speed ...

