Software Vulnerabilities August 9, 2022

Controlling the Source: Abusing Source Code Management Systems

13 min read - For full details on this research, see the X-Force Red whitepaper “Controlling the Source: Abusing Source Code Management Systems”. This material is also being presented at Black Hat USA 2022. Source Code Management (SCM) systems play a vital role within…

Intelligence & Analytics September 16, 2021

How DevSecOps Can Secure Your CI/CD Pipeline

2 min read - Many companies today automate their software development life cycle with continuous integration and continuous delivery (CI/CD). It’s part of the broader DevOps movement to speed software development while reducing errors. Continuous integration builds and tests code automatically, while continuous delivery…

Application Security June 24, 2021

Shifting Left With Analytics to Identify Software Supply Chain Anomalies

6 min read - If your work touches on the world of software development, you’ve likely heard the saying ‘software is eating the world’ by engineer/investor Marc Andreessen. He argued that building software was becoming the business and that it has completely taken over…

Application Security May 12, 2021

DevSecOps: Closing the Security Gap With Developers

2 min read - We talk a lot about building a culture in which every employee and department puts digital safety first. Everyone pitching in a little bit means the job gets done more thoroughly. Bringing developers, IT operations and security together in a…

Intelligence & Analytics April 2, 2021

Software Composition Analysis: Developers’ Security Silver Bullet

4 min read - Security experts are always looking for a silver bullet. New products promise to resolve all your issues. Typically, these products overpromise to expand market share. Most attacks we see these days occur not because of genius attacks. Instead, they’re due…

Cloud Security March 29, 2021

Are Cloud-Native IAM Controls Good Enough for Your Enterprise?

3 min read - Organizations of every type and size are looking to the cloud for a multitude of benefits, including agility, quick time-to-value, cost savings and scalability. But enterprise-scale deployments can make this process complex, more so as it relates to identity and…

Application Security February 9, 2021

Intro to DevSecOps: Why Integrated Security is Key in 2021

3 min read - The unprecedented events of 2020 only accelerated the adoption of cloud-based business models. These highly scalable solutions and services have made work easier for employees calling in from home. However, the drastic increase in internet and application usage last year…

Application Security December 7, 2020

How to Transform From DevOps to DevSecOps

3 min read - DevOps is a mindset as well as a business tactic. It’s a cultural shift that merges operations with development and employs a linked toolchain to create change. In turn, DevSecOps seeks to merge security into DevOps. This can be helpful…

Application Security May 7, 2020

Are Current Security Assurance Models Suitable for the Digital World?

3 min read - A proactive security assurance model is a key enabler for delivering an effective operating model that encompasses the protection of people, processes and technology.

Incident Response April 15, 2020

Extend Your Incident Response Program to DevOps With Security Automation

4 min read - By linking security and DevOps use cases through common automation practices, security teams can better scale their ability to respond quickly and effectively to security incidents.