Managing Cybersecurity: DevSecOps
HWM Singapore | February 2021
Don’t get overwhelmed with trivial defects.

Contributed By

Taylor Armerding, Software Security Expert, Synopsys Software Integrity Group

“If tools aren’t used correctly, at the right time, and in the right way, they can flag an overwhelming number of potential vulnerabilities, many of them insignificant or irrelevant to a particular project. And that can frustrate development teams to the point that they could start ignoring the warnings or even disabling the tools, undermining the security those tools are meant to enhance.”

That, according to Meera Rao, is one of the biggest challenges of embedding security into DevOps and yielding effective DevSecOps.

Rao, senior director for product management (DevOps solutions) at Synopsys, notes the reality that “at every stage in the pipeline or even in your SDLC, you have many security activities to perform, and each and every one of them gives you vulnerabilities. That can lead to defect overload.”

By now, that list of DevSecOps testing tools and other security tasks is fairly standard. At the start, security teams should conduct threat modeling and risk analysis based on what an application is expected to do and what kind of input, if any, it will handle. Obviously, a page on a website that accepts user input, including personal and financial data, needs more rigorous security than one that simply provides information, such as the locations of company offices.

During the coding and building phases, automated static, dynamic, and interactive analysis tools can flag bugs and other defects that could be exploited. Fuzz testing can check how the software responds to random, malformed input. Software composition analysis (SCA) can help find open source components that may have security defects and/or licensing conflicts.

This story is from the February 2021 edition of HWM Singapore.

