Information Security & Occasional Forays Into Adjacent Realms
Our thanks to both the OWASP® Foundation and the OWASP Global AppSec US 2021 Virtual Conference for publishing their well-crafted application security videos on the organization’s’ YouTube channel.
via the astounding cartoonery of Daniel Stori of turnoff.us!
In my opinion, there is absolutely no 'art' in securely deployed applications...
Not withstanding this, the subject of this post is the well engineered conversational interview over at Linux.com, with Tim Mackey, an evangelist at Black Duck Software; in which the two participants in the conversation hold forth in 'DevOps and the Art of Secure Application Deployment' (scribed by Amber Ankerholz). Worth the read.
Technical Debt, and it's consequences... Illuminated for us - mere mortals - by Chris Hockings - IBM Master Inventor. Todays' MustRead.
In the worst-case scenario, an enterprise continues to invest in platforms that are no longer sufficiently effective, resulting in more personnel delivering currency rather than capability. Security debt is a term that has been coined to describe application vulnerabilities that result from such laggardly behavior. - via by Chris Hockings writing at SecurityIntelligence
via Netflix's Jason Chan, comes word of a OSS automation effort targeting security related events, and actions thereo. Monikered FIDO or more accurately 'Fully Integrated Defense Operation' the system ostensibly serves as an orchestration layer for automated response activities, in the case of security event triggers. Comprised of a well thought-out architecture of infrastructure components, an encapsulated orchestration, correlation and scoring engine coupled to a threat intelligence system... But, I'll leave the full explanation in the obviously capable hands of Netflix's Security Team; examine. if you will, FIDO at GitHub. And, because it's Open Source Software, the security community at large can reap the benefits of this superalitve effort. Outstanding.
In a tour-de-force example of Security Automation, those crazy kids at DevOps have produced a model for enterprise implementation. You'll be well served, I reckon, in taking the time to read their vision of an automated firewall modification.
A Workflow by any other name, would smell as sweet...