Network Computing Dark Reading

Advertise

Endpoint //

Privacy

8/2/2018
02:00 PM

Ericka Chickowski
Slideshows

Connect Directly

0 comments
Comment Now

6 Ways DevOps Can Supercharge Security

Security teams have a huge opportunity to make major inroads by embracing the DevOps movement.

2 of 7

The Big Shift Left

The transformational trend toward DevOps is all about fostering close collaboration between developers, operations, and quality assurance (QA) pros. When organizations make the effort to add security into that mix � achieving what some call DevSecOps practices � enterprises gain the power to achieve what many security practitioners have long thought impossible.

"This movement we have with DevSecOps is really about bringing more security to software faster � shifting left," says Shannon Lietz, director of DevSecOps at Intuit.

In other words, security testing and requirements aren't laid out at the end of a lengthy waterfall process. Instead, security teams are included during the earliest stages of software design, and their input is woven into acceptance requirements from the start.

Image Source: Adobe Stock (illiano)

2 of 7

Comment |

Email This |

Print |

RSS

Comments

Newest First | Oldest First | Threaded View

[close this box]

Be the first to post a comment regarding this story.

Hot Topics

Editors' Choice

COVID-19: Latest Security News & Commentary

Dark Reading Staff 6/5/2020

How AI and Automation Can Help Bridge the Cybersecurity Talent Gap

Peter Barker, Chief Product Officer at ForgeRock, 6/1/2020

Cybersecurity Spending Hits 'Temporary Pause' Amid Pandemic

Kelly Jackson Higgins, Executive Editor at Dark Reading, 6/2/2020

Webinars

[Free Virtual Event] Using Microsoft in 2020 & Beyond

Don't Miss this Dark Reading Virtual Event on Critical Data Breaches

Thinking Like an Attacker: Strategies for Defense

Webinar Archives

White Papers

How Cybersecurity Incident Response Programs Work (and Why Some Don't)

Today's Non-Employee Lifecycle Management Without SecZetta

The Risk Management Blind Spot

SANS 2019 Threat Hunting Survey Report

Qualys VMDR -- All-in-One Vulnerability Management, Detection, and Response

More White Papers

Video

All Videos

Cartoon Contest

Write a Caption, Win a Starbucks Card! Click Here

Latest Comment: What? IT said I needed virus protection!

Cartoon Archive

Current Issue

How Cybersecurity Incident Response Programs Work (and Why Some Don't)

This Tech Digest takes a look at the vital role cybersecurity incident response (IR) plays in managing cyber-risk within organizations. Download the Tech Digest today to find out how well-planned IR programs can detect intrusions, contain breaches, and help an organization restore normal operations.

Download This Issue!

Back Issues | Must Reads

Flash Poll

All Polls

Reports

New Best Practices for Secure App Development

The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.

Download Now!

Dark Reading Strategic Security Report: The Impact of Enterprise Data Breaches

0 comments

The Top Cybersecurity Risks And How Enterprises Are Responding

0 comments

More Reports

Twitter Feed

Tweets about "from:DarkReading OR @DarkReading"

Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

CVE-2020-13890
PUBLISHED: 2020-06-06

The Neon theme 2.0 before 2020-06-03 for Bootstrap allows XSS via an Add Task Input operation in a dashboard.

CVE-2020-13889
PUBLISHED: 2020-06-06

showAlert() in the administration panel in Bludit 3.12.0 allows XSS.

CVE-2020-13881
PUBLISHED: 2020-06-06

In support.c in pam_tacplus 1.3.8 through 1.5.1, the TACACS+ shared secret gets logged via syslog if the DEBUG loglevel and journald are used.

CVE-2020-13883
PUBLISHED: 2020-06-06

In WSO2 API Manager 3.0.0 and earlier, WSO2 API Microgateway 2.2.0, and WSO2 IS as Key Manager 5.9.0 and earlier, Management Console allows XXE during addition or update of a Lifecycle.

CVE-2020-13871
PUBLISHED: 2020-06-06

SQLite 3.32.2 has a use-after-free in resetAccumulator in select.c because the parse tree rewrite for window functions is too late.

To save this item to your list of favorite Dark Reading content so you can find it later in your Profile page, click the "Save It" button next to the item.

If you found this interesting or useful, please use the links to the services below to share it with other readers. You will need a free account with each service to share an item via that service.
Tweet This
[close this box]