by Azalio tdshpsk | Jul 27, 2022 | Security
The compromise of SolarWinds’ system management tool raised a lot of interesting issues for anyone using a CI/CD (continuous integration and continuous delivery) build process for their software. How can we ensure that the software we distribute to our users is the...
by Azalio tdshpsk | Jul 19, 2022 | Security
Who owns software supply chain security? Developers? Or the platform and security engineering teams supporting them? In the past, the CIO, CISO, or CTO and their security team would decide which Linux distribution, operating system, and infrastructure platform the...
by Azalio tdshpsk | Jul 12, 2022 | Security
Log4j was the bucket of cold water that woke up most developers to their software supply chain security problem. We’ve spent decades in software building things and obsessing over our production environment. But we’re building on unpatched Jenkins boxes sitting under...
by Azalio tdshpsk | Jun 27, 2022 | Security
Devops is primarily associated with the collaboration between developers and operations to improve the delivery and reliability of applications in production. The most common best practices aim to replace manual, error-prone procedures managed at the boundaries...
by Azalio tdshpsk | Jun 27, 2022 | Security
The good news is that recession or no, security remains a somewhat uncuttable expense for CIOs, according to new data from Morgan Stanley Research. The bad news is that none of it will work if those same CIOs don’t patch their software. AWS Vice President Matt Wilson...
by Azalio tdshpsk | Jun 21, 2022 | Security
Many companies have rushed to implement continuous integration and continuous delivery (CI/CD) pipelines to streamline their software development workflows. Far fewer have taken the additional step to automate continuous deployment, a practice of using CI/CD pipelines...