How do we improve software quality and end the epidemic of shoddy, exploitable software harming consumers, communities and businesses? To start, we need to change the way we think and talk about software-based risks.
DevOps
GitGuardian’s HasMySecretLeaked Is HaveIBeenPwned for DevOps
Amid a spike in attacks on software supply chains, GitGuardian launched HasMySecretLeaked.com, a site that allows developers and appsec teams to search for exposed secrets.
Episode 253: DevSecOps Worst Practices With Tanya Janca of We Hack Purple
Tanya Janca of the group We Hack Purple, talks with Security Ledger host Paul Roberts about the biggest security mistakes that DevSecOps teams make, and application development’s “tragedy of the commons,” as more and more development teams lean on open source code.
Malicious Automation is driving API Security Breaches
Removing the ability to automate against a vulnerable API is a huge step forward, as automation is a key enabler for both the exploitation and the extraction of large amounts of sensitive data.
Episode 243: The CSTO is a thing- a conversation with Chris Hoff of LastPass
Paul talks with Chris Hoff the Chief Secure Technology Officer at LastPass about the CSTO role and the security implications of “software eating the world.”
