CyberSecurityBoard
Sponsor Register Login

The Elusive Quest for DevSecOps Collaboration

Despite years of discussing DevSecOps, achieving security and development collaboration remains an uphill battle in most organizations.
The Slow March of DevSecOps Evolution While the concept of DevSecOps has been discussed for years as a best practice for integrating security into development lifecycles, actual adoption has been gradual at best.
The reality is that despite widespread consensus on the need for closer collaboration between security and development teams, real-world progress has lagged.
Shoshani attributes this to the constant tension between an exciting vision and on-the-ground implementation realities.
Security teams are trying to validate each release phase before the next begins trip up accelerated development timetables.
Without air cover from leadership, there's little incentive to try.
The result is not only slower velocity but also compounded risks from changes made without visibility into cross-functional impacts.
Dueling changes break production environments and reduce security adherence over time.
The Stream Solution: Visibility and Collaboration Stream Security's platform offers one pathway to help organizations stuck in these dynamics, providing integrated visibility and automated policy guardrails tailored to each team's concerns.
It then surfaces actionable, relevant alerts simultaneously to Security and DevOps users for tighter coordination.
Results From the Field Early proof points demonstrate Stream's potential impact.
As Shoshani shares, one customer went from being perpetually overwhelmed by a barrage of false positive alerts to trimmed, accurate notifications and confident oversight - allowing their tiny staff to finally collaborate effectively with their developer counterparts.
Others seek out the platform's unique capabilities for cost optimization, compliance auditing, or to combat shadow IT risks with newfound visibility.
While the path to mature DevSecOps practices remains long, Stream Security's approach demonstrates how smarter tools that provide transparency into the complete environment and enable closer cross-functional workflows can accelerate that evolution.
Opinions expressed by DZone contributors are their own.


This Cyber News was published on feeds.dzone.com. Publication date: Thu, 21 Dec 2023 13:13:05 +0000


Cyber News related to The Elusive Quest for DevSecOps Collaboration

DevSecOps: Definition, Benefits and Best Practices - DevSecOps is an approach that focuses on the alignment of the three core pillars of DevOps — Development, Operations, and Security. It’s a combination of processes, tools and practices designed to enable organizations to adopt innovative and ...
1 year ago Heimdalsecurity.com
Modern DevSecOps - DevSecOps - a fusion of development, security, and operations - emerged as a response to the challenges of traditional software development methodologies, particularly the siloed nature of development and security teams. DevSecOps aims to break down ...
1 year ago Feeds.dzone.com
The Elusive Quest for DevSecOps Collaboration - Despite years of discussing DevSecOps, achieving security and development collaboration remains an uphill battle in most organizations. The Slow March of DevSecOps Evolution While the concept of DevSecOps has been discussed for years as a best ...
11 months ago Feeds.dzone.com
3 security best practices for all DevSecOps teams - It's been over 10 years since Shannon Lietz introduced the term DevSecOps, aiming to get security a seat at the table with IT developers and operators. More organizations are looking to shift-left security to ensure that security is prominent in ...
1 year ago Infoworld.com
3 ways to reduce stress on the DevSecOps team - My session focused on the stresses and burnout experienced by security teams, including recent data showing that 94% of chief information security officers suffer from work-related stress, and 65% admit their stress levels compromise their ability to ...
1 year ago Infoworld.com
Quest Diagnostics pays $5M for dumping patient data, waste The Register - Quest Diagnostics has agreed to pay almost $5 million to settle allegations it illegally dumped protected health information - and hazardous waste - at its facilities across California. This sum won't hurt at all for the corporation, one of the ...
10 months ago Go.theregister.com
Embracing Security as Code - Everything is smooth until it isn't because we traditionally tend to handle the security stuff at the end of the development lifecycle, which adds cost and time to fix those discovered security issues and causes delays. Over the years, software ...
11 months ago Feeds.dzone.com
4 key devsecops skills for the generative AI era - Experts believe that generative AI capabilities, copilots, and large language models are ushering in a new era of how developers, data scientists, and engineers will work and innovate. They expect AI to improve productivity, quality, and innovation, ...
11 months ago Infoworld.com
Why Cybersecurity Businesses Need a Real-Time Collaboration Tool - When the Cybercrime in a Pandemic World study was released in late 2021, the report noted that cybersecurity threats had risen 81% since the coronavirus raised its ugly head. It was a time of restrictive lockdowns, stay-at-home orders, and mask ...
1 year ago Hackread.com
Understanding CAT Culture in Cybersecurity: Collaboration, Awareness, and Training - In the dynamic and ever-evolving landscape of cybersecurity, organizations are increasingly recognizing the importance of fostering a robust security culture to mitigate risks and safe-guard sensitive data. One such approach gaining traction is the ...
8 months ago Cybersecurity-insiders.com
Security tools fail to translate risks for executives - Organizations are struggling with internal communication barriers, which hinder their ability to address cybersecurity threats, according to Dynatrace. The results indicate that CISOs encounter challenges in aligning security teams with the C-suite, ...
7 months ago Helpnetsecurity.com
Amplifying Connection and Embracing Collaboration Through Volunteering at Mix 92.6 Community Radio - At Cisco, we often talk about the power of collaboration and connectivity. My experience volunteering at Mix 92.6, a community radio station, has shown me first-hand how the spirit of collaboration brings communities together and transforms lives, ...
1 year ago Feedpress.me
The Role of DevOps in Enhancing the Software Development Life Cycle - Software development is a complex and dynamic field requiring constant input, iteration, and collaboration. DevOps is more than just a methodology; it combines practices seamlessly integrating software development and IT operations for streamlining ...
10 months ago Feeds.dzone.com
ARMO announces new Slack integration - We're thrilled to introduce a fresh ARMO app designed exclusively for Slack, delivering notifications directly to the channels where your teams focus on tackling security concerns related to Misconfiguration, Vulnerabilities, and Compliance. This ...
11 months ago Securityboulevard.com
CVE-2023-41881 - vantage6 is privacy preserving federated learning infrastructure. When a collaboration is deleted, the linked resources (such as tasks from that collaboration) should be deleted. This is partly to manage data properly, but also to prevent a potential ...
1 year ago
2024 Tech Predictions: Hybrid Collaboration is Here to Stay - Reflections from the Consumer Electronics Show and predictions for the year in tech. From home, the office and everywhere in between, we use Cisco collaboration solutions to solve hybrid work's greatest challenges, while inspiring innovation, ...
11 months ago Feedpress.me
Cybersecurity Awareness Month: Cybersecurity awareness for developers - Siri Varma, tech lead and software development engineer with Microsoft Security, works with both developers and cybersecurity teams every day. Next, there’s the knowledge gap; coders may lack the necessary understanding of security practices, ...
2 months ago Securityintelligence.com
The Evolving Threat Landscape: Where Out-of-Band Communications Fit - On August 10, 2023, the Cyber Safety Review Board publicly released a critical report detailing cyberattacks perpetrated by Lapsus$ and related threat groups. The report came approximately a year and a half after Microsoft first warned about the ...
11 months ago Securityboulevard.com
Stop, Collaborate and Listen: Disrupting Cybercrime Networks Requires Private-Public Cooperation and Information Sharing - As we reflect on 2022, we've seen that malicious actors are constantly coming up with new ways to weaponize technologies at scale to cause more disruption and devastation. The dangers are showing up everywhere - and more frequently. The volume and ...
1 year ago Securityweek.com
CVE-2006-3574 - Multiple cross-site scripting (XSS) vulnerabilities in Hitachi Groupmax Collaboration Portal and Web Client before 07-20-/D, and uCosminexus Collaboration Portal and Forum/File Sharing before 06-20-/C, allow remote attackers to "execute malicious ...
7 years ago
CVE-2007-1786 - SQL injection vulnerability in Hitachi Collaboration - Online Community Management 01-00 through 01-30, as used in Groupmax Collaboration Portal, Groupmax Collaboration Web Client, uCosminexus Collaboration Portal, Cosminexus Collaboration Portal, ...
7 years ago
CVE-2007-3043 - Cross-site scripting (XSS) vulnerability in Collaboration - File Sharing 01-20 up to 01-20-/B and 01-30 up to 01-30-/B in Hitachi Groupmax Collaboration Portal up to 07-30-/D, Groupmax Collaboration Web Client - Forum/File Sharing up to 07-30-/C, ...
7 years ago
CVE-2020-2885 - Vulnerability in the Oracle Document Management and Collaboration product of Oracle E-Business Suite (component: Attachments). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows ...
4 years ago
CVE-2021-2181 - Vulnerability in the Oracle Document Management and Collaboration product of Oracle E-Business Suite (component: Attachments). Supported versions that are affected are 12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows high privileged ...
3 years ago
Driven Technologies Expands Expertise With Acquisition of ieMentor - PRESS RELEASE. NEW YORK, Jan. 3, 2024 /PRNewswire/ - Driven Acquisition Inc, DBA Driven Technologies, a NY based leading cybersecurity and cloud service provider, today announced the acquisition of ieMentor, a Cisco Gold Partner with multiple ...
11 months ago Darkreading.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)