Blog Posts Tagged with "DevOps"
Here’s How The Amazing Twitter Infosec Team Helps DevOps
December 25, 2012 Added by:Gene Kim
Want to see how infosec integrates into a DevOps work stream? Watch this fantastic talk by Justin Collins, Neil Matatall, and Alex Smolen from Twitter, called “Put Your Robots To Work: Security Automation at Twitter..."
Comments (0)
Migrating South: The Devolution Of Security From Security
December 20, 2012 Added by:Ian Tibble
Is the typical security portfolio of system administrators wide enough to form the foundations of an effective information security program? Not really. In fact its some way short. Security Analysts need to have a grasp not only on file system permissions, they need to know how attackers actually elevate privileges...
Comments (0)
Believe It or Not, DevOps and Infosec Are a Perfect Culture Match
October 14, 2012 Added by:Gene Kim
By integrating automated security testing into the deployment pipeline, just as the functional and integration tests are, information security testing becomes part of the daily operations of Development. As a result, security defects are found and fixed more quickly than ever...
Comments (0)
Rediscovering Our Way: OWASP AppSec Ireland 2012
September 20, 2012 Added by:Rafal Los
We can't expect the OWASP community to continue forward as a collection of application-security focused professionals without developer outreach, education, and more outreach. Application (and software) security isn't about security people at all, it's about developers...
Comments (0)
Are Applications and Services on the Public Cloud Secure?
September 15, 2012 Added by:Rafal Los
Any application that was built to be secured independently of the environment will do as well in a public cloud as it did in your private data center. If you build the application to be low-risk independent of your environmental controls you shouldn't have to worry where it lives...
Comments (0)
The SDLC Knowledge Gap in Motion: DevOps to the Rescue?
September 12, 2012 Added by:Rafal Los
I can't tell you the fun things we found in this pre-production environment when we started digging around during security testing. No, really, I can't tell you, but rest assured it didn't end with misconfigurations, or accidental code bits being included...
Comments (0)
Buggy out the Door: Externally Discovered Defects (EDD)
August 15, 2012 Added by:Rafal Los
What if 25% of your bugs actually ARE discovered by your customers? There is a collision of a few things here that makes this matter a lot less simple than we'd like, and a lot less convenient if you think you have a solution to the problem, but in the end it is a problem...
Comments (0)
Unsafe at Any Speed: Enterprises Misunderstand Software Quality
August 13, 2012 Added by:Rafal Los
I had a hard time believing that "going faster" could be more secure. It was difficult to wrap my brain around how deploying code in more rapid succession could mean that the code deployed could actually be safer... but I believe that to be true now. The one caveat here is "if it's done right"...
Comments (0)
Deploying Code Faster as a Security Feature?
July 24, 2012 Added by:Rafal Los
What if deploying faster is actually a security feature? I can empathize with the frustration many security professionals feel when they find a critical issue in an application only to be told that the patch will be rushed in about 3 months. I'd certainly love to hear that the update will be shipped this afternoon...
Comments (1)
Software Security Assurance: Figuring Out the Developers
July 18, 2012 Added by:Rafal Los
From organizations that don't care about the security of their applications to to those that follow "best practices", to those that never stop spending money and trying to improve - they all have one thing in common: They've experienced a security incident of varying levels of calamity...
Comments (0)
The Resilient Enterprise: Resolving Issues Faster
July 03, 2012 Added by:Rafal Los
How can we both restore service quickly and solve a long-term systemic problems when we can't always tell that two issues are even related? Optimize the analysis between changes, connected systems and components to figure out dependencies in cases such as linked and distributed failures...
Comments (0)
The Resilient Enterprise: Learning to Fail Part 2
June 25, 2012 Added by:Rafal Los
Failing with the support of a DevOps tribe can lead to a more resilient enterprise and ultimately better enterprise security. In the following few sections we're going to take a look at combining tools, processes and the tribe mentality to solve some otherwise ugly problems - and come out the other side...
Comments (0)
The Resilient Enterprise: Learning to Fail
June 22, 2012 Added by:Rafal Los
If the agile enterprise is to become a reality, not just something we talk about and write books about, then it needs to be a core ideal, served by every technical and non-technical function and products and services to enable that core ideal. The road to the agile enterprise starts with an awakening to DevOps...
Comments (0)
Software Security is a Business Problem
June 14, 2012 Added by:Rafal Los
Information Security hasn't figured out how to actually approach the problem of insecure code. Security is still largely seen as the "not my problem" problem. It's not that developers have singled out security as something they want to ignore - it's that they've got too many other things to worry about...
Comments (0)
What's in a Name: Does DevOps Need a Security Flavor?
June 12, 2012 Added by:Rafal Los
Lots of folks are trying to remove bottlenecks between development and deployment within an organization to get IT to a more agile state. Every once in a while someone talks about security - I've been trying to figure out whether and how we should be discussing the DevOps and security relationship...
Comments (0)
NoOps and the Role of Infosec in Software Development
May 23, 2012 Added by:Rafal Los
The NoOps approach to software provides an opportunity to tightly integrate security, but we've got to get it right. If you can implement security during these cycles, spend time analyzing how workstreams will flow and what tools will be used to standardize and automate...
Comments (1)
- Improving Security by Failing Faster
- BYOD: Should It Be the Wave of the Future?
- Trend Micro Discovers "SafeNet" - a New Targeted Espionage Operation Online
- Managing My Company’s Security is a Nightmare
- Bridging the Cybersecurity Divide, Why Security Innovation Must Lead the Way
- The Evolution of Industrial Control System Information Sharing
- ATM Security (And Really Learning from the Past)
- Complimentary IT Security Resources [May 13, 2013]
- Steps Toward Weaponizing the Android Platform
- Mobile Security Processes Could Be Applied to Medical Devices: Bluebox