Tag: DEVSECOPS

Source Code Secret

GitGuardian’s HasMySecretLeaked Is HaveIBeenPwned for DevOps

Amid a spike in attacks on software supply chains, GitGuardian launched HasMySecretLeaked.com, a site that allows developers and appsec teams to search for exposed secrets.

Photo by RealToughCandy.com: https://www.pexels.com/photo/person-holding-a-sticker-11035393/

Episode 253: DevSecOps Worst Practices With Tanya Janca of We Hack Purple

Tanya Janca of the group We Hack Purple, talks with Security Ledger host Paul Roberts about the biggest security mistakes that DevSecOps teams make, and application development’s “tragedy of the commons,” as more and more development teams lean on open source code.

Log4J Image

Episode 248: GitHub’s Jill Moné-Corallo on Product Security And Supply Chain Threats

In this episode of the Security Ledger Podcast, Paul speaks with Jill Moné-Corallo, the Director of Product Security Engineering Response at GitHub. Jill talks about her journey from a college stint working at Apple’s Genius bar, to the information security space – first at product security at Apple and now at GitHub, a massive development platform that is increasingly in the crosshairs of sophisticated cyber criminals and nation-state actors.

United Nations Logo on a Glass Door

Researchers Test UN’s Cybersecurity, Find Data on 100k

Independent security researchers testing the security of the United Nations were able to compromise public-facing servers and a cloud-based development account for the U.N. and lift data on more than 100,000 staff and employees, according to a report released Monday.

Container Security Image

Containers Complicate Compliance (And What To Do About It)

If you work within the security industry, compliance is seen almost as a dirty word. You have likely run into situations like that which @Nemesis09 describes below. Here, we see it’s all too common for organizations to treat testing compliance as a checkbox exercise and to thereby view compliance in a way that goes against its entire purpose. There are challenges when it comes to compliance, for sure. Organizations need to figure out whether to shape their efforts to the letter of an existing law or to base their activities in the spirit of a “law” that best suits their security needs—even if that law doesn’t exists. There’s also the assumption that a company can acquire ‘good enough’ security by implementing a checkbox exercise, never mind the confusion explained by @Nemesis09. Podcast Episode 141: Massive Data Breaches Just Keep Happening. We Talk about Why. However, there is truth behind why […]