Risk management focus shifts from external to internal exposure

Coalfire released its fourth annual Securealities Penetration Risk Report, which analyzes enterprise and cloud service provider (CSP) internal and external attack vectors, application development and mobile app security, social engineering and phishing, and PCI- and FedRAMP-specific findings, with data segmented by industry and company size. The report reflects the results of more than 3,100 penetration […]

How can organizations benefit from full-stack observability?

New Relic published the 2022 Observability Forecast report, which captures insights into the current state of observability, its growth potential, and the benefits of achieving full-stack observability. As IT and application environments increasingly move toward complex, cloud-based microservices, the research found technology professionals have bold plans to ramp up observability capabilities to get ahead of […]

Development of secure software now an imperative for global DevOps teams

GitLab released the results of its annual DevSecOps survey which highlights the continued prioritization of security and compliance, investment in toolchain consolidation, and the ongoing impacts of rapid DevOps adoption. This Help Net Security video reveals how organizations continue to consolidate their DevOps toolchains and processes.

How automation can solve application development challenges

Security Compass has published the results of a research study examining developer views on application security, including the challenges and opportunities they face in their secure development efforts. In order for software developers and security teams to effectively collaborate and ensure that a company’s software products are secure, developers need automated, current, relevant, and actionable […]

Patch critical flaw in Atlassian Bitbucket Server and Data Center! (CVE-2022-36804)

A critical vulnerability (CVE-2022-36804) in Atlassian Bitbucket Server and Data Center could be exploited by unauthorized attackers to execute malicious code on vulnerable instances. About CVE-2022-36804: Bitbucket Server and Data Center are used by software developers around the world for source code revision control, management and hosting. CVE-2022-36804 is a command injection vulnerability in multiple […]

Critical RCE bug in GitLab patched, update ASAP! (CVE-2022-2884)

GitLab has fixed a remote code execution vulnerability (CVE-2022-2884) affecting the Community and the Enterprise Edition of its DevOps platform, and has urged admins to upgrade their GitLab instances immediately. The vulnerability was reported through the company’s bug bounty program and there is no mention of it being actively exploited in the wild. About CVE-2022-2884 […]

Is security becoming a priority for DevOps teams?

GitLab released the results of its annual DevSecOps survey which highlights the continued prioritization of security and compliance, investment in toolchain consolidation, and the ongoing impacts of rapid DevOps adoption. The survey consisted of 5,001 respondents, including developers, operations and security practitioners and organizational leaders. It found that, following two years of explosive technological adoption, […]
