For full details on this research, see the X-Force Red whitepaper “Controlling the Source: Abusing Source Code Management Systems”. This material is also being presented at Black Hat USA 2022.…
Browsing Category: DevOps
How DevSecOps Can Secure Your CI/CD Pipeline
Many companies today automate their software development life cycle with continuous integration and continuous delivery (CI/CD). It’s part of the broader DevOps movement to speed software development while reducing errors.…
Shifting Left With Analytics to Identify Software Supply Chain Anomalies
If your work touches on the world of software development, you’ve likely heard the saying ‘software is eating the world’ by engineer/investor Marc Andreessen. He argued that building software was…
DevSecOps: Closing the Security Gap With Developers
We talk a lot about building a culture in which every employee and department puts digital safety first. Everyone pitching in a little bit means the job gets done more…
Software Composition Analysis: Developers’ Security Silver Bullet
Security experts are always looking for a silver bullet. New products promise to resolve all your issues. Typically, these products overpromise to expand market share. Most attacks we see these…
Are Cloud-Native IAM Controls Good Enough for Your Enterprise?
Organizations of every type and size are looking to the cloud for a multitude of benefits, including agility, quick time-to-value, cost savings and scalability. But enterprise-scale deployments can make this…
Intro to DevSecOps: Why Integrated Security is Key in 2021
The unprecedented events of 2020 only accelerated the adoption of cloud-based business models. These highly scalable solutions and services have made work easier for employees calling in from home. However,…
How to Transform From DevOps to DevSecOps
DevOps is a mindset as well as a business tactic. It’s a cultural shift that merges operations with development and employs a linked toolchain to create change. In turn, DevSecOps…
Are Current Security Assurance Models Suitable for the Digital World?
With the constantly transforming cyber landscape, intruders are always finding new ways to exploit weaknesses in organizations’ systems and applications. As a result, cyber-related incidents have become one of the…