
Advancing Application Delivery

Are you in an organization implementing Continuous Delivery? Are you a manager who wants to see your applications respond at the pace of the market - or better, be in front of ...

New Micro Focus, Sonatype Partnership Provides 360 Degree View of AppSec

In today’s world, we know that most security breaches occur because of application vulnerabilities. We also know that most typical software applications are, on average, comprised of 85% open source software. These ...

The Three R’s of Software Supply Chains: Reject, Replace, and Respond

A great article from 2016 came up in a recent conversation. This article has come up a few times in my conversations about DevSecOps since it was first published. Justin Smith’s The ...

Security Should Stop Being a Drag

About a year ago during my talk at the Nexus User Conference, and during a Virtual Session for RSA Conference APJ, I mentioned that a pipeline shouldn’t fail just because a security ...

DevSecOps & Chaos Engineering: Knowing the Unknown

Engineered chaos - is that an oxymoron? Not really. By creating chaos in your software development environments you help build more stable and secure systems. Why is this valuable and how can ...

Take This Interactive DevSecOps Reference Architecture For a Test Drive

How do you get started with DevSecOps? There is so much to consider -- people, processes, tools, and measurement. To help plan and build a DevSecOps practice we’ve offered 40 reference architecture ...

Sonatype Users Reveal the Benefits of Automated DevSecOps

Are DevSecOps policy enforcement tools a productivity benefit or burden that stifles creativity? It depends on the software ...

Success Requires Reflection on DevSecOps Failures

It was just over a year ago on an extremely hot and humid day in Singapore when a group of DevSecOps nomads gathered to share our stories at DevSecOps Days. We represented ...

Continuous Authorization with DevSecOps

Software development within the federal government often begins with an alignment to the Authorizations to Operate (ATO) and related, required security processes. Sometimes, these are an impediment to DevSecOps. So how can ...

Security Organizations Need to Start Thinking Like Developers

Many years ago when I was studying architecture a professor once told the class that, as architects, if we designed a space that a contractor couldn’t fit a hammer into, our best ...