Joe

One of the hot topics in software development right now is “DevSecOps”, which stands for “development, security, and operations”, and loosely-defined means “producing secure applications through an continuous integrated automated build process”.  It is often mentioned in conjunction with an organization’s goal to “move security left” in the development process, with the goal of addressing security issues early on in the project plan. 

The focus of this article is strictly on the security aspects of DevSecOps.  Specifically, we will elaborate activities that can and should be integrated into the Software Development Lifecycle (SDLC) to produce secure applications. 

System architectures leveraging APIs offer many benefits, but warrant caution, as they also make it easy to introduce serious security vulnerabilities into your products and services. This article explores various security considerations that can make or break API security, identifying […]

In a previous article, “A Security Model for the Internet of Things (IoT),”, we described how to measure the security of discrete network devices, and how to aggregate the resulting scores to the network level.  In this article, we will […]