How to integrate SBOMs into the software development life cycle

The widespread availability of third-party and open source software has significantly accelerated modern software development. These technologies also pose a risk, because the external code used by a company has not gone ...

SCA and CI/CD: The Most Delicious Alphabet Soup

In the continuous integration (CI)/continuous delivery (CD) pipeline, one of the key ingredients to add to the pot is software composition analysis (SCA), an automated process that identifies the open source software ...

Where is Your Risk? Vulnerabilities in Software Development

Organizations are facing a variety of software-related risks, and vulnerabilities introduced in the development process are just one of them. The sooner they can figure out where these risks exist and how ...

Securing a Windows Development Environment

For many development organizations, Microsoft Windows remains the dominant operating platform. Therefore, ensuring the security of these systems needs to be a high priority for security leaders and teams and a Windows ...

Launching a Vulnerability Management Program

Launching a vulnerability management program requires a few methodical steps. When President Biden’s executive order shone a light on the need to modernize and strengthen cybersecurity at the federal level, that arguably ...

Organizations Want to Adopt DevSecOps. What’s Getting in Their Way?

Security leaders are eager to move to a DevSecOps approach—and why wouldn’t they be? DevSecOps has been emerging as a key component in organizations’ efforts to build strong security into all the ...

DAST is the future of AppSec – here are 5 reasons why

Outside-in or dynamic application security testing (DAST) has become a must-have for today’s sprawling, ever-changing, multi-tech web environments. But automated DAST can be so much more than a tool – and here ...

Cybersecurity and AI/ML Biases

Cyberattackers and cyberdefenders appear to be utilizing AI (artificial intelligence) and ML (machine learning) to a rapidly increasing degree, if you are to believe the press, vendors’ claims and blogs. So, it ...

Why Do I Need a Binary Repository Manager?

This is an excerpt from Out of the Wild: A Beginner's Guide to Package and Dependency Management, a Sonatype Guide. This is the final installment. (Read part one and part two.) So, ...