Posts Tagged ‘DevSecOps’

GitHub blighted by “researcher” who created thousands of malicious projects

Just over a year ago, we wrote about a “cybersecurity researcher” who posted almost 4000 pointlessly poisoned Python packages to the popular repository PyPI. This person went by the curious nickname of Remind Supply Chain Risks, and the packages had project names that were generally similar to well-known projects, presumably in the hope that some of them would […]

Developers Remediate Less Than a Third of Vulnerabilities

Developers are regularly ignoring security issues as they deal with an onslaught of issues from security teams, even as they are expected to release software more frequently and faster than ever before. In addition, developers fix just 32% of known vulnerabilities, and 42% of developers push vulnerable […]

Adding Data Privacy to DevSecOps

Colorado and Virginia passed new data privacy laws in 2021. Connecticut and Oklahoma are among the states that could enact new legislation around data privacy protections in 2022. California, which kicked off the conversation around data privacy at the state level, is updating its laws. Couple that with the EU’s GDPR and other data privacy laws enacted […]

Divide Between Security, Developers Deepens

Security professionals work hard to plan secure IT environments for organizations, but the developers who are tasked with implementing and carrying these plans and procedures are often left out of security planning processes, creating a fractured relationship between development and security. This was the conclusion from a VMware and Forrester study of 1,475 IT and security managers, […]

APPSEC TESTING APPROACHES

AppSec Testing Approach CheatSheet (PDF download)
5 Things a Pen Tester Looks for When Evaluating an Application
PenTest as a Service
The Web Application Hacker’s Handbook

Hiring remote software developers: How to spot the cheaters

How are software development applicants cheating? Prior to COVID-19, many companies had engineering applicants take coding skills assessments in person. On-premises testing allowed employers to control the environment and observe the applicant’s process. Now, employers are providing these assessments (and getting observations) remotely, and applicants (almost exclusively at the junior level) are gaming the platforms. The […]
