OWASP at a crossroads: Founder Mark Curphey's call for relevance in the age of DevSecOps
After two decades of raising awareness about the big problems in application security, the Open Web Application Security Project (OWASP) stands at a crossroads.
Dev & DevSecOps
OWASP at a crossroads: Founder Mark Curphey's call for relevance in the age of DevSecOps
Devs: Don’t rely on GitHub Copilot — legal risk gets real
GitHub’s Copilot ML code-completion engine is violating copyright wholesale. So say several high-profile open source advocates.
DevOps lesson from Toyota FAIL: Crash test secrets
Toyota stands accused of lax DevOps standards, as the company reveals it stored prod database credentials in a public GitHub repo. That’s bad enough, but it also took five years to detect and fix.
Memory-safe #RustLang shines with its day in the sun
The chatter around the Rust language is growing into a deafening roar.
DevOps teams: BGP security is BAD. But you can fix it
The security of the Border Gateway Protocol (BGP) is laughable. But we all rely on it every day. For everything.
Rust finds its mojo: Move forward to memory-safe code
t’s confirmed: The Linux kernel will have Rust support soon.
Why Twitter security sucks: Half of staff has PII access
Peiter “Mudge” Zatko (pictured) was grilled by U.S. senators this week. Twitter’s former head of security has some damning things to say about the service’s DevOps security — or lack of it.
To secure your CI/CD pipelines, round up the usual suspects
A presentation at the Black Hat Briefings in Las Vegas dug into the “how” of CI/CD compromises. As it turns out, many of the culprits will be familiar to security teams.