ppfosec

DevOps

A collection of 4 posts
How to convince developers to fix their security vulnerabilities?
GRC

Presenting developers with vulnerabilities is one of the most common - and frustrating - tasks of any security analyst. Here's a list of the most common excuses developers come up with to avoid fixing vulnerabilities, and how I react to them.
22 Nov 2023 6 min read
10 Harsh Truths About Cloud Security
DevSecOps

As a specialist in cloud security due diligence and third-party security risk management, I present the hardest aspects of the discipline. Questionnaires and scanners have created a culture of "checkmarkism" that leads to fast results but low-value advice.
30 Aug 2023 8 min read
How do Supply-Chain Attacks Work? Examples from Software Development
ELI5

Did you know software is made up of hundreds of tiny pieces of software called libraries? Attackers sure do. Nowadays, they prey on developers' cognitive loads to infiltrate our most trusted applications. Let's unpack the new phenomenon of supply chain attacks.
07 Jun 2023 6 min read
The Supply Chain Security Crisis: Tools vs Talent
DevOps

Remember Log4Shell? Not actual shipping containers - I'm talking about that infamous vulnerability that exposed the fragility of our software ecosystem. Log4Shell, a critical vulnerability discovered in December 2021 in the ubiquitous Log4j Java library, allowed attackers to execute arbitrary code by injecting malicious strings into log entries.
06 Jul 2022 3 min read
ppfosec © 2025