CVE of the month, the supply chain attack hidden for 10 years CVE-2024-38368

For over a decade, a massive vulnerability that could have unleashed a huge supply chain attack lay dormant. Luckily, the good guys found it first, or so it seems. This month we ...

Latest OpenSSH Vulnerability Might Impact 14M Linux Systems

Qualys this week reported the discovery of a Remote Unauthenticated Code Execution (RCE) vulnerability in OpenSSH servers (sshd) that could potentially impact more than 14 million Linux systems ...
Security Boulevard

Container Security Scanning: Vulnerabilities, Risks and Tooling

Container security is crucial in the age of microservices and DevOps. Learn about common container vulnerabilities, container security scanning, and popular tools to secure your containers in this comprehensive guide ...

MISRA validation on FreeRTOS

Parts of the FreeRTOS kernel are MISRA 2012 compliant (details are here). I am quite impressed with the work done to make a project originally written without MISRA in mind MISRA-compliant. They used ...

Unlocking the Full Potential of GitGuardian: Empowering Developers In Code Security

Improve workflows with collaborative incident management to minimize vulnerabilities and enhance productivity with GitGuardian while empowering developers via ggshield ...

CVE of the month, CheckPoint Security Gateway exploit CVE-2024-24919

This month we dive into CheckPoint's CVE-2024-24919 to explain what this vulnerability does and why we have seen it being used in the wild already! ...

Why SAST + DAST can’t be enough

Static and dynamic app testing are cornerstones for any comprehensive AppSec program, yet they rarely rise up to the challenges of fully securing modern software. Discover why secrets are one of their ...

The Role of DevSecOps in Enhancing CNAPP Efficiency

Incorporating DevSecOps into CNAPP strategies can improve the way organizations develop and secure their applications ...
Security Boulevard

Pipeline Integrity and Security in DevSecOps

Last episode of C.J. May's series on implementing a DevSecOps program: how to harden your software delivery pipelines to maintain robust security measures ...

How to Use Git Secrets for Better Code Security

You know that sinking feeling after you hit “commit”? That moment when you suddenly wonder, “Wait, did I just accidentally expose an API key or hardcode ...