Comments
From DevOps to DevSecOps: Structuring Communication for Better Security
Newest First  |  Oldest First  |  Threaded View
tom.gillis
50%
50%
tom.gillis,
User Rank: Author
2/21/2018 | 5:45:09 PM
Is DevSecOps the right answer?
No doubt it makes sense to build apps in a way that a single SEIM can provide a holistic view.  But that's not the entire security story - that's really just consolidatiing the forensics.  As we move into a world with cloud native applications, it is risky to rely on developers to also think about operations AND security.  Is it possible that one person can optimize all three?  Organizations have utilized the seperation of duties model for years for the simple reason that focus and accountability brings results.  Increasing developer awareness of security is of course a good thing and likely to yield some results. But maintaining a strong, independant security team just seems to make sense.  Beyond the org structure, the security tools need to evolve to bring the seperation of duties model to the self service cloud.  Amazon took a big step forward with recent enhancements to their IAM capabilites, segmenting some security functions from day to day dev and ops functions.  But there's still a long way to go for the tools to enforce true seperation of duties.  DevOps yes.  DevSecOps and security is all taken care of?  Doubtful.
roberthawk
50%
50%
roberthawk,
User Rank: Author
2/19/2018 | 6:46:34 PM
Re: SIEM as Hub
In regard to "If change management is central, why are you focusing on the SIEM as central?".  Though the SEIM traditionally has been used as a 'security' device or system, it is evolving into the organizations information systems nerve processing center.  Shipping logs to the SIEM from internal and external systems can be used to detect issues within the network.  The same is true for change management logs.  In effect connecting change management to the SEIM is useful in regard to detecting possible outages that may result due to bad or incorrect changes implemented.  in regard to "DevSecOps should bring together all IT operational teams, not merely orchestrate silo'd security tools."  It is easy to dictate to people the necessity to collaborate and they may try to.  Creating technology bridges across silos may be a great way to start tearing down the silo walls.
GeoffZ290
50%
50%
GeoffZ290,
User Rank: Apprentice
2/15/2018 | 11:02:01 AM
SIEM as Hub
If change management is central, why are you focusing on the SIEM as central? The SIEM focuses on threats, not context. Your CMDB provides risk context including for change management. If you don't know clearly what you are protecting you will focus on threats for which you have no underlying exposure. DevSecOps should bring together all IT operational teams, not merely orchestrate silo'd security tools.


WebAuthn, FIDO2 Infuse Browsers, Platforms with Strong Authentication
John Fontana, Standards & Identity Analyst, Yubico,  9/19/2018
Turn the NIST Cybersecurity Framework into Reality: 5 Steps
Mukul Kumar & Anupam Sahai, CISO & VP of Cyber Practice and VP Product Management, Cavirin Systems,  9/20/2018
NSS Labs Files Antitrust Suit Against Symantec, CrowdStrike, ESET, AMTSO
Kelly Jackson Higgins, Executive Editor at Dark Reading,  9/19/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Are you sure this is how we get our data into the cloud?
Current Issue
Flash Poll
The Risk Management Struggle
The Risk Management Struggle
The majority of organizations are struggling to implement a risk-based approach to security even though risk reduction has become the primary metric for measuring the effectiveness of enterprise security strategies. Read the report and get more details today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-17437
PUBLISHED: 2018-09-24
Memory leak in the H5O_dtype_decode_helper() function in H5Odtype.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service (memory consumption) via a crafted HDF5 file.
CVE-2018-17438
PUBLISHED: 2018-09-24
A SIGFPE signal is raised in the function H5D__select_io() of H5Dselect.c in the HDF HDF5 through 1.10.3 library during an attempted parse of a crafted HDF file, because of incorrect protection against division by zero. It could allow a remote denial of service attack.
CVE-2018-17439
PUBLISHED: 2018-09-24
An issue was discovered in the HDF HDF5 1.10.3 library. There is a stack-based buffer overflow in the function H5S_extent_get_dims() in H5S.c. Specifically, this issue occurs while converting an HDF5 file to a GIF file.
CVE-2018-17432
PUBLISHED: 2018-09-24
A NULL pointer dereference in H5O_sdspace_encode() in H5Osdspace.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service via a crafted HDF5 file.
CVE-2018-17433
PUBLISHED: 2018-09-24
A heap-based buffer overflow in ReadGifImageDesc() in gifread.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service via a crafted HDF5 file. This issue was triggered while converting a GIF file to an HDF file.