DevSecOps

Making security and development co-owners of DevSecOps

Making security and development co-owners of DevSecOps 2025-07-18 at 09:41 By Mirko Zorz In this Help Net Security interview, Galal Ibrahim Maghola, former Head of Cybersecurity at G42 Company, discusses strategic approaches to implementing DevSecOps at scale. Drawing on experience in regulated industries such as finance, telecom, and critical infrastructure, he offers tips on ownership […]

React to this headline:

Loading spinner

Making security and development co-owners of DevSecOps Read More »

AI built it, but can you trust it?

AI built it, but can you trust it? 2025-07-07 at 09:02 By Mirko Zorz In this Help Net Security interview, John Morello, CTO at Minimus, discusses the security risks in AI-driven development, where many dependencies are pulled in quickly. He explains why it’s hard to secure software stacks that no one fully understands. He also

React to this headline:

Loading spinner

AI built it, but can you trust it? Read More »

Healthcare CISOs must secure more than what’s regulated

Healthcare CISOs must secure more than what’s regulated 2025-07-03 at 09:05 By Mirko Zorz In this Help Net Security interview, Henry Jiang, CISO at Ensora Health, discusses what it really takes to make DevSecOps work in healthcare. He explains how balancing speed and security isn’t easy and why aligning with regulations is key. Jiang also

React to this headline:

Loading spinner

Healthcare CISOs must secure more than what’s regulated Read More »

Why AI code assistants need a security reality check

Why AI code assistants need a security reality check 2025-06-19 at 09:02 By Mirko Zorz In this Help Net Security interview, Silviu Asandei, Security Specialist and Security Governance at Sonar, discusses how AI code assistants are transforming development workflows and impacting security. He explains how these tools can boost productivity but may also propagate vulnerabilities

React to this headline:

Loading spinner

Why AI code assistants need a security reality check Read More »

Vet: Open-source software supply chain security tool

Vet: Open-source software supply chain security tool 2025-06-03 at 08:34 By Help Net Security Vet is an open source tool designed to help developers and security engineers spot risks in their software supply chains. It goes beyond traditional software composition analysis by detecting known vulnerabilities and flagging malicious packages. Vet supports several ecosystems, including npm,

React to this headline:

Loading spinner

Vet: Open-source software supply chain security tool Read More »

Development vs. security: The friction threatening your code

Development vs. security: The friction threatening your code 2025-06-03 at 07:32 By Sinisa Markovic Developers are driven to deliver new features quickly, while security teams prioritize risk mitigation, which often puts the two at odds. 61% of developers said that it’s critical that security doesn’t block or decelerate the development process or become a barrier

React to this headline:

Loading spinner

Development vs. security: The friction threatening your code Read More »

Security Maturity Models: Leveraging Executive Risk Appetite for Your Secure Development Evolution

Security Maturity Models: Leveraging Executive Risk Appetite for Your Secure Development Evolution 2025-03-13 at 13:49 By Matias Madou Organizations can align their processes with one of two global industry standards for self-assessment and security maturity—BSIMM and OWASP SAMM. The post Security Maturity Models: Leveraging Executive Risk Appetite for Your Secure Development Evolution appeared first on

React to this headline:

Loading spinner

Security Maturity Models: Leveraging Executive Risk Appetite for Your Secure Development Evolution Read More »

Sola Security Deposits Hefty $30M Seed Funding

Sola Security Deposits Hefty $30M Seed Funding 2025-03-11 at 14:08 By SecurityWeek News The financing was provided by S Capital and investor Mike Moritz, S32, Glilot Capital Partners, and several angel investors. The post Sola Security Deposits Hefty $30M Seed Funding appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

React to this headline:

Loading spinner

Sola Security Deposits Hefty $30M Seed Funding Read More »

GitLab CISO on proactive monitoring and metrics for DevSecOps success

GitLab CISO on proactive monitoring and metrics for DevSecOps success 2025-01-09 at 07:32 By Mirko Zorz In this Help Net Security interview, Josh Lemos, CISO at GitLab, talks about the shift from DevOps to DevSecOps, focusing on the complexity of building systems and integrating security tools. He shares tips for maintaining development speed, fostering collaboration,

React to this headline:

Loading spinner

GitLab CISO on proactive monitoring and metrics for DevSecOps success Read More »

How Exceptional CISOs Are Igniting the Security Fire in Their Development Team

How Exceptional CISOs Are Igniting the Security Fire in Their Development Team 2024-08-20 at 14:16 By Matias Madou For years, many CISOs have struggled to influence their development cohort on the importance of putting security first. The post How Exceptional CISOs Are Igniting the Security Fire in Their Development Team appeared first on SecurityWeek. This

React to this headline:

Loading spinner

How Exceptional CISOs Are Igniting the Security Fire in Their Development Team Read More »

Number of incidents affecting GitHub, Bitbucket, GitLab, and Jira continues to rise

Number of incidents affecting GitHub, Bitbucket, GitLab, and Jira continues to rise 2024-08-07 at 06:01 By Help Net Security Outages, human errors, cyberattacks, data breaches, ransomware, security vulnerabilities, and, as a result, data loss are the reality that DevSecOps teams have to face every few days, according to GitProtect.io. DevSecOps The possibility to integrate security

React to this headline:

Loading spinner

Number of incidents affecting GitHub, Bitbucket, GitLab, and Jira continues to rise Read More »

Applying DevSecOps principles to machine learning workloads

Applying DevSecOps principles to machine learning workloads 2024-04-25 at 07:33 By Help Net Security Protecting data and other enterprise assets is an increasingly challenging task, and one that touches nearly every corner of an organization. As the complexity of digital systems grows, the challenges mount. One method that helps reign in the chaos is bringing

React to this headline:

Loading spinner

Applying DevSecOps principles to machine learning workloads Read More »

Zarf: Open-source continuous software delivery on disconnected networks

Zarf: Open-source continuous software delivery on disconnected networks 2024-04-15 at 06:32 By Help Net Security Zarf is a free, open-source tool that enables continuous software delivery on disconnected networks. It currently offers fully automated support for K3s, K3d, and Kind and is also compatible with EKS, AKS, GKE, RKE2, and many other distro services. The

React to this headline:

Loading spinner

Zarf: Open-source continuous software delivery on disconnected networks Read More »

6 keys to navigating security and app development team tensions

6 keys to navigating security and app development team tensions 2024-04-02 at 06:01 By Help Net Security There will always be a natural tension between cybersecurity teams and developers. After all, it’s the developer’s role to “develop.” They want and are paid to create and ship new applications and features that help move the organization

React to this headline:

Loading spinner

6 keys to navigating security and app development team tensions Read More »

AI Hallucinated Packages Fool Unsuspecting Developers

AI Hallucinated Packages Fool Unsuspecting Developers 2024-04-01 at 18:46 By Ionut Arghire Software developers relying on AI chatbots for building applications may end up using hallucinated software packages. The post AI Hallucinated Packages Fool Unsuspecting Developers appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original Source React to this

React to this headline:

Loading spinner

AI Hallucinated Packages Fool Unsuspecting Developers Read More »

Integrating software supply chain security in DevSecOps CI/CD pipelines

Integrating software supply chain security in DevSecOps CI/CD pipelines 2024-03-04 at 07:01 By Help Net Security NIST released its final guidelines for integrating software supply chain security in DevSecOps CI/CD pipelines (SP 800-204D). In this Help Net Security video, Henrik Plate, Security Researcher at Endor Labs, talks about this report, which provides actionable measures to

React to this headline:

Loading spinner

Integrating software supply chain security in DevSecOps CI/CD pipelines Read More »

How to make developers accept DevSecOps

How to make developers accept DevSecOps 2024-01-31 at 07:05 By Helga Labus According to a recent Dynatrace report, only 50% of CISOs believe that development teams have thoroughly tested the software for vulnerabilities before deploying it into the production environment. This is a statistic that needs to change and the only way to change it

React to this headline:

Loading spinner

How to make developers accept DevSecOps Read More »

4 warning signs that your low-code development needs DevSecOps

4 warning signs that your low-code development needs DevSecOps 14/11/2023 at 09:31 By Help Net Security Low code platforms have democratized development in the enterprise. They improve efficiency and enable companies to do more with less. But as you begin to do more you will start hitting speed bumps that eventually become roadblocks. If your

React to this headline:

Loading spinner

4 warning signs that your low-code development needs DevSecOps Read More »

Federal Push for Secure-by-Design: What It Means for Developers

Federal Push for Secure-by-Design: What It Means for Developers 07/11/2023 at 15:02 By Kevin Townsend Secure-by-design is clearly important to the federal government, and there is a strong possibility that it will become a regulatory requirement for the critical industries enforced through an Executive Order. The post Federal Push for Secure-by-Design: What It Means for

React to this headline:

Loading spinner

Federal Push for Secure-by-Design: What It Means for Developers Read More »

The must-knows about low-code/no-code platforms

The must-knows about low-code/no-code platforms 19/10/2023 at 08:03 By Help Net Security The era of AI has proven that machine learning technologies have a unique and effective capability to streamline processes that alter the ways we live and work. We now have the option to listen to playlists carefully curated to match our taste by

React to this headline:

Loading spinner

The must-knows about low-code/no-code platforms Read More »

Scroll to Top