DevOpsSec: Securing Software through Continuous Delivery

The following is external content provided as a free resource for blog readers.

How do you build security and compliance into your DevOps platforms and pipelines? With this O’Reilly report, security analysts, security engineers, and pen testers will learn how to leverage the same processes and tools—such as version control, containers, and Continuous Delivery—that DevOps practitioners use to automate software delivery and infrastructure changes. In other words, you’ll understand how to use DevOps to secure DevOps.

Author Jim Bird uses case studies from Etsy, Netflix, and the London Multi-Asset Exchange (LMAX) to illustrate the steps leading organizations have taken to secure their DevOps processes. If you understand application and infrastructure security, and have some familiarity with DevOps and Agile development practices and tools, this report is the ideal place to start.

This report shows you how to:

  • Examine the security and compliance challenges that DevOps poses in your organization
  • Leverage key DevOps practices and workflows to design, build, deploy, and run secure systems
  • Build security as code by mapping security checks and controls into DevOps workflows
  • Take advantage of software component analysis, vulnerability management, and automated software testing tools that dev and ops already use
  • Build compliance into DevOps, and wire compliance policies and checks and auditing into Continuous Delivery

By downloading this free report, you agree to receive regular updates on events, video, books, and learning opportunities from O'Reilly Media. 



Request Free!

2016 Cyberthreat Defense Report

The following is external content provided as a free resource for blog readers.
Based on a rigorous survey of IT security decision makers and practitioners – across not only North America and Europe, but for the first time, in Asia Pacific and Latin America as well – the Cyberthreat Defense Report examines the current and planned deployment of countermeasures against the backdrop of numerous perceptions, such as:
  • The adequacy of existing cybersecurity investments, both overall and within specific domains of IT
  • The likelihood of being compromised by a successful cyberattack
  • The types of cyberthreats that pose the greatest risk to the organization
  • The organizational factors that present the most significant barriers to establishing effective cyberthreat defenses
  • The operational, tactical, and strategic value that individual security technologies provide


Request Free!

Space Weather Outlook July 24, 2016 at 11:42PM

Official Space Weather Advisory issued by NOAA Space Weather Prediction Center Boulder, Colorado, USA SPACE WEATHER ADVISORY OUTLOOK #16-30 2016 July 24 at 9:25 p.m. MDT (2016 July 25 0325 UTC) **** SPACE WEATHER OUTLOOK **** Summary For July 18-24 R2 (Moderate) radio blackouts were observed on 23 July due to flare activity from Region 2567. R1 (Minor) radio blackouts were observed on 21 and 24 July from Region 2567. G1 (Minor) storm levels were observed on 19-20 and 24 July due to shock enhancements from CMEs that arrived late on 19 July and near midday on 24 July. Outlook For July 25-31 G1 (Minor) storm levels are expected on 29 July due to recurrent CH HSS activity. There is a chance for R1-R2 (Moderate) radio blackouts on 25 July due to the flare potential from Region 2567. Data used to provide space weather services are contributed by NOAA, USAF, NASA, NSF, USGS, the International Space Environment Services and other observatories, universities, and institutions. More information is available at SWPC's Web site http://swpc.noaa.gov Thank you for using the Product Subscription Service. If you would like to remove a product subscription or update the personal information in your account, go to the Product Subscription Site. Please do not use the from address for correspondence, as it is not monitored. For comments or help, please contact SWPC Help.