The latest News and Information on CyberSecurity for Applications, Services and Infrastructure, and related technologies.

Software supply chain security: How to audit a security bill of material (SBOM)

A security bill of material (SBOM) is an inventory of all the components that make up a software application. These components include open source libraries, dependencies, commercial components, licenses, patch status, version information, available upgrades, CVEs, etc. Having an SBOM of a codebase or piece of software provides deep visibility into its core components, which helps quickly identify and mitigate the security and licensing risks associated with the software supply chain.

Trust Me - I'm a SASE Solution

As we get ready to wish the term SASE a happy 4th birthday, it seems odd that there is still a great deal of confusion in the market about what SASE really is and how it relates to a ‘Zero Trust’ architecture. For many, SASE is a framework for secure network design; for others, it’s seen more as an architectural approach to delivering Zero Trust. So why do we have this confusion when Gartner defined SASE back in 2019?

Tigera 2023 predictions: Cloud native security and the shifting landscape in 2023

Cloud computing and the use of cloud native architectures enable unparalleled performance, flexibility, and velocity. The speed of innovation has driven significant advancements across industries, but as digitalization continues pushing applications and services to the cloud, bad actors’ intrusion techniques have also become more sophisticated.

11 Best SSL Certificate Monitoring Tools in 2023

Without an active SSL certificate, user contact with the website is no longer secured, making it possible for any malicious entity to access private user information. Moreover, users are unlikely to return to the website after viewing a security notice. The simplest way to monitor the expiration of your site certificates is to use an efficient, automatic SSL certificate expiry monitoring solution.

Lessons from the CircleCI Security Incident

In some respects, security and reliability are competing priorities. Security controls may reduce reliability, and responding to security incidents may require mission-critical systems to be paused or shut down until they're secure. The recent security incident involving CircleCI, however, shows that it's not always necessary to choose between prioritizing security or reliability.

Simplifying Kubernetes DevSecOps Through Platform Engineering

DevSecOps, short for development, security, and operations, is a trending practice that introduces security testing, triage, and risk mitigation as early as possible in the software development lifecycle, rather than bolting on security in the final stages. DevSecOps requires a shift (also known as “shift-left”) in culture, process, and tools across development, security, and operations teams to make security a shared responsibility.

CircleCI Breach: How to Rotate All Stored Secrets ASAP

Yesterday, CircleCI, a Continuous Integration/Continuous Delivery (CI/CD) service, announced in a critical advisory from its CTO that it had been breached. As CircleCI is a major software delivery pipeline service, its users store myriad credentials for various services in CircleCI’s “Secrets Store” infrastructure.