“WTF is DevSecOps?”

If you’re a person working in security or software development, you’ve probably heard about DevSecOps before and wondered what it is or if it even works. Perhaps you’re a DevSecOps practitioner and ...

Getting Your Security Program to Shift Left: Operationalizing Security Controls via DevSecOps

DevSecOps is a hot topic. It’s touted as a utopia where automation saves time and money while cutting risk and reducing dependencies. In reality, without effective oversight, DevSecOps leaves orphaned technologies, unmaintained ...

Ryan Lockard Names the Seven Deadly Sins of DevSecOps [VIDEO]

Editor's Note: Ryan's story is included in "Epic Failures in DevSecOps, Volume 2", available for free download. "It is said in Roman Catholicism that each of the seven deadly sins is uniquely ...

Sladjana Jovanovic and Bill McArthur Move Silos to Communities [VIDEO]

Editor's Note: The chapter, "From Silos to Communities" is included in Epic Failures in DevSecOps, Volume 2, which is available for free download. "What Bill didn’t talk about was that this pod ...

Why Manual Verification Still Matters

In the last few years, we’ve continuously been hearing that we should automate, automate, automate. So it might be weird to hear that manual verification still matters. Jeroen Willemsen explains to us ...

For Distributed Teams, It’s Not All About the Tools

Sonatype is a distributed workforce. Most of us work remotely, and we are hiring. But before you apply, do you know what it means to work on such a team? ...

Larry Maccherone Says Pixie Dust Security is an Epic Failure [VIDEO]

Editor's Note: Larry's story is included in "Epic Failures in DevSecOps, Volume 2", available for free download. "You can characterize the history of software engineering as an unending cycle of pendulum swings ...

What Does the New CVSS 3.1 Scoring Model Mean for Enterprise Security?

With thousands of security vulnerabilities reported each month in products ranging from hardware devices to firmware to popular software apps, how does one prioritise what needs the most attention? From a business ...

Get the Latest DevSecOps Reference Architecture

Since releasing the DevSecOps Reference Architecture last year I've received a ton of feedback from the community. I took the feedback and spent some time over the past several months to update ...

Three DevSecOps Lessons Drawn from Conversations with 45 CISOs

Recently, I moderated round table discussions between dozens of CISOs at Evanta CISO Summits in Chicago and Atlanta. My colleague, Michelle Dufty, moderated a similar event in San Francisco ...