WhatsApp Security Flaw Stems from Vulnerable Open Source Library

What Developers Need to Know About WhatsApp’s Recent Security Dilemma

Last week, reports, like this one from Dark Reading, surfaced a remotely exploitable bug found in Facebook’s popular WhatsApp chat app that spies on users and specifically targeted human rights groups. Facebook ...

Sonatype Hosts Global Gatherings of DevSecOps Leaders and Innovators

The month of October is dedicated to intimate gatherings of DevSecOps professionals, thought leaders, and decision makers in cities across North America and Europe. Participants tell us that these forums and roundtables ...

Security Should Stop Being a Drag

About a year ago during my talk at the Nexus User Conference, and during a Virtual Session for RSA Conference APJ, I mentioned that a pipeline shouldn’t fail just because a security ...

NIST Proposes Standards to Secure Government SDLC

Earlier this summer, the National Institute of Standards and Technology (NIST), a part of the U.S. Chamber of Commerce, proposed a set of standards to address software supply chain attacks - and ...

Why Software Composition Analysis (SCA) Demands Precision

As leaders in software composition analysis (SCA), we know its role throughout today’s software supply chain. SCA was born out of necessity. How else could innovators discover, identify, and track open source ...

Using Process Oriented Design (POD) to Increase the Dependability of DevOps Processes

For many users, software often isn’t really appreciated until something breaks. Constant availability is an expectation, but, of course, 100% availability isn’t really a reality. When high-profile systems, like Netflix or AWS ...

GDPR Gets Teeth: British Airways and Marriott Fined

Yesterday the UK’s Information Commissioner’s Office proposed record-setting fines under GDPR of £183 million to British Airways, followed by today’s announcement of a proposed £99 million fine to Marriott International following ...

Developers: We Must Evolve

Chris Roberts (@sidragon1), currently the Chief Security Strategist at Attivo Networks, really stood out last year at All Day DevOps. You really just have to watch his session, below, to truly appreciate ...

Continuous Compliance and DevOps

Security, Compliance, and DevOps walk into a pipeline... Okay, I don’t have a joke that starts out that way. But, then again, this isn’t a joke - this is reality and something ...