How do we improve software quality and end the epidemic of shoddy, exploitable software harming consumers, communities and businesses? To start, we need to change the way we think and talk about software-based risks.
Tag: DEVOPS
GitGuardian’s HasMySecretLeaked Is HaveIBeenPwned for DevOps
Amid a spike in attacks on software supply chains, GitGuardian launched HasMySecretLeaked.com, a site that allows developers and appsec teams to search for exposed secrets.
Episode 253: DevSecOps Worst Practices With Tanya Janca of We Hack Purple
Tanya Janca of the group We Hack Purple, talks with Security Ledger host Paul Roberts about the biggest security mistakes that DevSecOps teams make, and application development’s “tragedy of the commons,” as more and more development teams lean on open source code.
Attacks on APIs demand a Security Re-Think
New threats demand that we transform the way we think about securing the endpoints. Case in point: APIs, writes Ross Moore.
Episode 248: GitHub’s Jill Moné-Corallo on Product Security And Supply Chain Threats
In this episode of the Security Ledger Podcast, Paul speaks with Jill Moné-Corallo, the Director of Product Security Engineering Response at GitHub. Jill talks about her journey from a college stint working at Apple’s Genius bar, to the information security space – first at product security at Apple and now at GitHub, a massive development platform that is increasingly in the crosshairs of sophisticated cyber criminals and nation-state actors.