True connected feedback loops in Application Security begin with understanding offense. It's the only way to inform appropriate defense.
We continue discussing the Trust Algorithm by optimizing the last variable and the only one in the denominator, apparent self-interest.
The third variable of Larry Maccherone's Trust Algorithm for DevSecOps is about optimizing empathy, or how much you show that you care about someone else’s
A letter to software developers from a cryptominer taking advantage of known vulnerabilities.
Too narrow a focus on speed to fix vulnerabilities can turn DevOps into BugOps. BugOps is releasing code quickly to fix vulns without considering their
The DevSecOps Trust Algorithm wouldn't be possible without reliability. The basic idea is to make and meet commitments. Seems simple, but DevSecOps can't
Java Deserialization Vulnerability Found to be Widespread Across SaaS Vendor SDKs
What can security people do to make their jobs and lives easier? How can Dev, Ops, DevOps all work better and better understand what makes sec folk tick? Maybe
When using vulnerable versions of the framework, organizations are breached. Everyone knows the Equifax story, but for folks like me who have been paying
© Sonatype 2018
Funding for the site contributed by Sonatype. It’s run by the DevSecOps community. Site and DevSecOps logo design by Viget.