Why Security & DevOps Can't Be Friends

Network Computing Dark Reading

Advertise

About Us

Newest First | Oldest First | Threaded View

[close this box]

50%

weekstweets,
User Rank: Author
4/9/2016 | 11:15:41 AM

Not about DevOps

I agree, the column really focuses on legacy applications and not DevOps related practices. Rugged DevOps practices are being established in many organizations to embed automated security analysis very, very early and often in the development lifecycle.

The position in this article that security has changed in the past few years is absolutley spot on. One reality of this is that the velocity requirements for Dev and Ops has accelerated over the past few years. The other thing that changes the game is that Rugged DevOps embeds security practices in: a built in vs. bolt-on approach. Built in approaches establish better understanding, empathy, and performance. Bolt on approaches are typically challenged with siloed thinking.

Reply | Post Message | Messages List | Start a Board

50%

weekstweets,
User Rank: Author
4/9/2016 | 11:14:50 AM

Re: Click bait?

Reply | Post Message | Messages List | Start a Board

50%

schwartzathon,
User Rank: Apprentice
3/29/2016 | 4:13:48 PM

Click bait?

Interesting article with some good points, but it never addresses the DevOps approach to integrating security throughout the SDLC, and fails to consider the Defense in Depth practices espoused by SANS, OWASP, and government entities. Instead, the article proposes LANGSEC as something of a silver bullet for retrofitting security.

Reply | Post Message | Messages List | Start a Board

Hot Topics

Editors' Choice

COVID-19: Latest Security News & Commentary

Dark Reading Staff 9/21/2020

Cybersecurity Bounces Back, but Talent Still Absent

Simone Petrella, Chief Executive Officer, CyberVista, 9/16/2020

Meet the Computer Scientist Who Helped Push for Paper Ballots

Kelly Jackson Higgins, Executive Editor at Dark Reading, 9/16/2020

Live Events

Webinars

Dark Reading Cybersecurity Summit @ Interop Digital

Earn (ISC)2 CPEs at Interop Digital, Oct 5-8

Interop Digital, Oct. 5-8; Learn the skills necessary for managing a IT Org

More Informa Tech Live Events

White Papers

[Forrester Research] The State of Data Security & Privacy

2020 Gartner Market Guide for Network Detection & Response

How You Can Evaluate Your Org's Cybersecurity Readiness

Leveraging DevSecOps to Secure Cloud-Native Applications

EMA Evaluation Guide to Privileged Access Management

More White Papers

Cartoon

Latest Comment: Yes Mother I know I've been eating too many cookies again! You can stop talking about that now......

Cartoon Archive

Current Issue

Special Report: Computing's New Normal

This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.

Download This Issue!

Back Issues | Must Reads

Flash Poll

All Polls

Reports

How IT Security Organizations are Attacking the Cybersecurity Problem

The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.

Download Now!

Special Report: Understanding Your Cyber Attackers

0 comments

2020 State of Cybersecurity Operations and Incident Response

0 comments

The Changing Face of Threat Intelligence

0 comments

More Reports

Twitter Feed

Tweets about "from:DarkReading OR @DarkReading"

Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

CVE-2020-25514
PUBLISHED: 2020-09-22

Sourcecodester Simple Library Management System 1.0 is affected by Incorrect Access Control via the Login Panel, http://<site>/lms/admin.php.

CVE-2020-25515
PUBLISHED: 2020-09-22

Sourcecodester Simple Library Management System 1.0 is affected by Insecure Permissions via Books > New Book , http://<site>/lms/index.php?page=books.

CVE-2020-14022
PUBLISHED: 2020-09-22

Ozeki NG SMS Gateway 4.17.1 through 4.17.6 does not check the file type when bulk importing new contacts ("Import Contacts" functionality) from a file. It is possible to upload an executable or .bat file that can be executed with the help of a functionality (E.g. the "Application Star...

CVE-2020-14023
PUBLISHED: 2020-09-22

Ozeki NG SMS Gateway through 4.17.6 allows SSRF via SMS WCF or RSS To SMS.

CVE-2020-14024
PUBLISHED: 2020-09-22

Ozeki NG SMS Gateway through 4.17.6 has multiple authenticated stored and/or reflected XSS vulnerabilities via the (1) Receiver or Recipient field in the Mailbox feature, (2) OZFORM_GROUPNAME field in the Group configuration of addresses, (3) listname field in the Defining address lists configuratio...

To save this item to your list of favorite Dark Reading content so you can find it later in your Profile page, click the "Save It" button next to the item.

If you found this interesting or useful, please use the links to the services below to share it with other readers. You will need a free account with each service to share an item via that service.
Tweet This
[close this box]