Articles

Connected feedback loops in Application Security — Understand offense to inform defense

Aug 2, 2018 4:14:08 PM by Chetan Conikee

True connected feedback loops in Application Security begin with understanding offense. It's the only way to inform appropriate defense.

The Trust Algorithm - Part 5 - Apparent Self-Interest

Jul 26, 2018 11:00:00 AM by Larry Maccherone

We continue discussing the Trust Algorithm by optimizing the last variable and the only one in the denominator, apparent self-interest.

The Trust Algorithm - Part 4 - Empathy

Jul 13, 2018 2:08:52 AM by Larry Maccherone

The third variable of Larry Maccherone's Trust Algorithm for DevSecOps is about optimizing empathy, or how much you show that you care about someone else’s

Dear Developer ... Sincerely, a Serial Cryptominer

Jun 18, 2018 4:50:14 PM by Hack Overflow

A letter to software developers from a cryptominer taking advantage of known vulnerabilities.

BugOps vs. DevOps

Jun 13, 2018 9:01:00 AM by Mike Shema

Too narrow a focus on speed to fix vulnerabilities can turn DevOps into BugOps. BugOps is releasing code quickly to fix vulns without considering their

The Trust Algorithm as Applied to DevSecOps: Part 3 - Reliability

Jun 11, 2018 5:01:23 PM by Larry Maccherone

The DevSecOps Trust Algorithm wouldn't be possible without reliability. The basic idea is to make and meet commitments. Seems simple, but DevSecOps can't

Many SaaS Vendor SDKs Plagued with Java Deserialization Vulnerability

May 22, 2018 5:53:11 PM by Chetan Conikee

Java Deserialization Vulnerability Found to be Widespread Across SaaS Vendor SDKs

DevSecOps: It's a People Thing [video]

May 9, 2018 10:34:24 AM by Alan Shimel

What can security people do to make their jobs and lives easier? How can Dev, Ops, DevOps all work better and better understand what makes sec folk tick? Maybe

Can You Name the Nine Struts Breaches?

May 7, 2018 10:43:13 PM by Derek E. Weeks

When using vulnerable versions of the framework, organizations are breached. Everyone knows the Equifax story, but for folks like me who have been paying
