AI built it, but can you trust it? 2025-07-07 at 09:02 By Mirko Zorz In this Help Net Security interview, John Morello, CTO at Minimus, discusses the security risks in AI-driven development, where many dependencies are pulled in quickly. He explains why it’s hard to secure software stacks that no one fully understands. He also […]
React to this headline:
AI built it, but can you trust it? Read More »
Healthcare CISOs must secure more than what’s regulated 2025-07-03 at 09:05 By Mirko Zorz In this Help Net Security interview, Henry Jiang, CISO at Ensora Health, discusses what it really takes to make DevSecOps work in healthcare. He explains how balancing speed and security isn’t easy and why aligning with regulations is key. Jiang also
React to this headline:
Healthcare CISOs must secure more than what’s regulated Read More »
Why AI code assistants need a security reality check 2025-06-19 at 09:02 By Mirko Zorz In this Help Net Security interview, Silviu Asandei, Security Specialist and Security Governance at Sonar, discusses how AI code assistants are transforming development workflows and impacting security. He explains how these tools can boost productivity but may also propagate vulnerabilities
React to this headline:
Why AI code assistants need a security reality check Read More »
Vet: Open-source software supply chain security tool 2025-06-03 at 08:34 By Help Net Security Vet is an open source tool designed to help developers and security engineers spot risks in their software supply chains. It goes beyond traditional software composition analysis by detecting known vulnerabilities and flagging malicious packages. Vet supports several ecosystems, including npm,
React to this headline:
Vet: Open-source software supply chain security tool Read More »
Development vs. security: The friction threatening your code 2025-06-03 at 07:32 By Sinisa Markovic Developers are driven to deliver new features quickly, while security teams prioritize risk mitigation, which often puts the two at odds. 61% of developers said that it’s critical that security doesn’t block or decelerate the development process or become a barrier
React to this headline:
Development vs. security: The friction threatening your code Read More »
Security Maturity Models: Leveraging Executive Risk Appetite for Your Secure Development Evolution 2025-03-13 at 13:49 By Matias Madou Organizations can align their processes with one of two global industry standards for self-assessment and security maturity—BSIMM and OWASP SAMM. The post Security Maturity Models: Leveraging Executive Risk Appetite for Your Secure Development Evolution appeared first on
React to this headline:
Sola Security Deposits Hefty $30M Seed Funding 2025-03-11 at 14:08 By SecurityWeek News The financing was provided by S Capital and investor Mike Moritz, S32, Glilot Capital Partners, and several angel investors. The post Sola Security Deposits Hefty $30M Seed Funding appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source
React to this headline:
Sola Security Deposits Hefty $30M Seed Funding Read More »
GitLab CISO on proactive monitoring and metrics for DevSecOps success 2025-01-09 at 07:32 By Mirko Zorz In this Help Net Security interview, Josh Lemos, CISO at GitLab, talks about the shift from DevOps to DevSecOps, focusing on the complexity of building systems and integrating security tools. He shares tips for maintaining development speed, fostering collaboration,
React to this headline:
GitLab CISO on proactive monitoring and metrics for DevSecOps success Read More »
How Exceptional CISOs Are Igniting the Security Fire in Their Development Team 2024-08-20 at 14:16 By Matias Madou For years, many CISOs have struggled to influence their development cohort on the importance of putting security first. The post How Exceptional CISOs Are Igniting the Security Fire in Their Development Team appeared first on SecurityWeek. This
React to this headline:
How Exceptional CISOs Are Igniting the Security Fire in Their Development Team Read More »
Number of incidents affecting GitHub, Bitbucket, GitLab, and Jira continues to rise 2024-08-07 at 06:01 By Help Net Security Outages, human errors, cyberattacks, data breaches, ransomware, security vulnerabilities, and, as a result, data loss are the reality that DevSecOps teams have to face every few days, according to GitProtect.io. DevSecOps The possibility to integrate security
React to this headline:
Number of incidents affecting GitHub, Bitbucket, GitLab, and Jira continues to rise Read More »
Applying DevSecOps principles to machine learning workloads 2024-04-25 at 07:33 By Help Net Security Protecting data and other enterprise assets is an increasingly challenging task, and one that touches nearly every corner of an organization. As the complexity of digital systems grows, the challenges mount. One method that helps reign in the chaos is bringing
React to this headline:
Applying DevSecOps principles to machine learning workloads Read More »
Zarf: Open-source continuous software delivery on disconnected networks 2024-04-15 at 06:32 By Help Net Security Zarf is a free, open-source tool that enables continuous software delivery on disconnected networks. It currently offers fully automated support for K3s, K3d, and Kind and is also compatible with EKS, AKS, GKE, RKE2, and many other distro services. The
React to this headline:
Zarf: Open-source continuous software delivery on disconnected networks Read More »
6 keys to navigating security and app development team tensions 2024-04-02 at 06:01 By Help Net Security There will always be a natural tension between cybersecurity teams and developers. After all, it’s the developer’s role to “develop.” They want and are paid to create and ship new applications and features that help move the organization
React to this headline:
6 keys to navigating security and app development team tensions Read More »
AI Hallucinated Packages Fool Unsuspecting Developers 2024-04-01 at 18:46 By Ionut Arghire Software developers relying on AI chatbots for building applications may end up using hallucinated software packages. The post AI Hallucinated Packages Fool Unsuspecting Developers appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original Source React to this
React to this headline:
AI Hallucinated Packages Fool Unsuspecting Developers Read More »
Integrating software supply chain security in DevSecOps CI/CD pipelines 2024-03-04 at 07:01 By Help Net Security NIST released its final guidelines for integrating software supply chain security in DevSecOps CI/CD pipelines (SP 800-204D). In this Help Net Security video, Henrik Plate, Security Researcher at Endor Labs, talks about this report, which provides actionable measures to
React to this headline:
Integrating software supply chain security in DevSecOps CI/CD pipelines Read More »
How to make developers accept DevSecOps 2024-01-31 at 07:05 By Helga Labus According to a recent Dynatrace report, only 50% of CISOs believe that development teams have thoroughly tested the software for vulnerabilities before deploying it into the production environment. This is a statistic that needs to change and the only way to change it
React to this headline:
How to make developers accept DevSecOps Read More »
4 warning signs that your low-code development needs DevSecOps 14/11/2023 at 09:31 By Help Net Security Low code platforms have democratized development in the enterprise. They improve efficiency and enable companies to do more with less. But as you begin to do more you will start hitting speed bumps that eventually become roadblocks. If your
React to this headline:
4 warning signs that your low-code development needs DevSecOps Read More »
Federal Push for Secure-by-Design: What It Means for Developers 07/11/2023 at 15:02 By Kevin Townsend Secure-by-design is clearly important to the federal government, and there is a strong possibility that it will become a regulatory requirement for the critical industries enforced through an Executive Order. The post Federal Push for Secure-by-Design: What It Means for
React to this headline:
Federal Push for Secure-by-Design: What It Means for Developers Read More »
The must-knows about low-code/no-code platforms 19/10/2023 at 08:03 By Help Net Security The era of AI has proven that machine learning technologies have a unique and effective capability to streamline processes that alter the ways we live and work. We now have the option to listen to playlists carefully curated to match our taste by
React to this headline:
The must-knows about low-code/no-code platforms Read More »
Strategies for harmonizing DevSecOps and AI 12/09/2023 at 07:32 By Help Net Security The same digital automation tools that have revolutionized workflows for developers are creating an uphill battle regarding security. From data breaches and cyberattacks to compliance concerns, the stakes have never been higher for enterprises to establish a robust and comprehensive security strategy.
React to this headline:
Strategies for harmonizing DevSecOps and AI Read More »