NIST has recently researched, defined, and released an entirely new standard for incorporating security into the software development lifecycle called The Secure Software Development Framework. It was uniquely designed to help address the tremendous gaps in software supply chain security that expose organizations to …
In early October, the US Department of Justice announced that a verdict had been reached in the case against former Uber CISO Joe Sullivan, finding him guilty of two counts associated with covering up a data breach at the company. What made the Uber data breach case particularly noteworthy was that it was not seeking …
In the spectrum of deployment options available for cloud native applications, the most widely used option, at least presently, is running containers on VMs that use the Linux operating system (or less frequently, bare-metal servers running Linux).
One of the challenges organizations have in using cloud native technologies is in figuring out how compliance requirements translate into actionable control points. Most regulations predate containers and serverless technologies and don’t have specific articles governing the use of such technologies.
We recently …
When it comes to securing containerized applications, the first item on everyone’s agenda is to ensure that only trusted images are running in your environment, based on security and compliance policies. And for good reason too. This is by far the most effective preventive measure you can take to protect your …