Using open-source packages is becoming more and more popular. Open-source libraries are developed by the community for the community and many have already discovered the benefits of using them. However, many forget the security side of them. One of our community members Yahav Itzhak wrote a nice article about shifting left on vulnerability detection! Go check it out! #devsecops #oss-security
Another great read !
The 2020 DevSecOps Community Survey reveals further details between DevOps maturity and (security-) happy developers.
Register now and you may get selected to practise one of our hands-on Secure DevOps courses !
Want to know how about the human error leading to exposure of your resources through Kubernetes ?
Read our post on how Kubernetes can be a powerful way to increase security posture. By reducing blast radius and ensuring that pods cannot be touched by any other process within the cluster. Provided that the human error is mitigated !
#devsecops #shiftleft #kubernetes #containersecurity
NIST exploring possible DevSecOps frameworks for agencies
Making ’Sec’ transparant to your DevOps engineers is key in the start of your DevSecOps journey.
Effectiveness in your DevSecOps programme comes with developers that find your first steps frictionless and valuable. From our DevSecOps consulting practice the following key takeaways should be kept in mind for planning early stages, focused to build the crucial partnership with DevOps
Nearly half the organizations have delayed deploying containerized apps into production due to security concerns
Security hampers adoption of containers and Kubernetes. According to a StackRox study, more than 90% of respondents have experienced a security incident in deployments in the last year.
Since Puppet’s State of DevOps report in 2019 we noticed a correlation in the maturity of DevOps and the 22% of firms at the highest level of security integration, which are considered “advanced” in the DevOps evolution. Now Snyk’s report gives additional insights. For example, 31% of respondents aren’t tracking any application
dependencies and only 14% test for known vulnerabilities in container images.
You may have already noted the renewed website of the Chief Software Office of the US DoD. If not, you may check it out for its DoD Enterprise DevSecOps Initiative !
December 10, we had a very interactive DevSecOps-NL meetup on Service Mesh at ABN AMRO premises. In this post we share the presentation materials used by Erik Veld, presenter and developer advocate from Hashicorp. Implementing Service Mesh leads to new challenges, for instance on how to develop, implement and monitor intentions that play a role in authorized traffic between services. Would you share your opinion with us ?