June 26, 2021 bestdevops DevOps Leave a comment

Dynatrace Applies AI to Surface App Vulnerabilities

Source:-https://devops.com/ Dynatrace has added a security module to its observability platform that leverages its Davis artificial intelligence (AI) engine to automatically identify the software libraries and open source packages that represent the greatest security risk. Ajay Gandhi, vice president of product marketing for Dynatrace, said the Davis Security Advisor, made available as part of the Dynatrace Application Security Module, makes it easier for IT teams understand which vulnerabilities need to be remediated first. Davis Security Advisor aggregates vulnerability data in

June 4, 2021 bestdevops Continuous Deployment Leave a comment

Just 3% of organizations have real-time visibility into runtime vulnerabilities

Source:-https://www.securitymagazine.com/ Software intelligence company Dynatrace announced the findings of an independent global survey of 700 CISOs, which reveals the rising adoption of cloud-native architectures, DevOps, and agile methodologies has broken traditional approaches to application security. As organizations shift more responsibility “left” to developers to accelerate innovation, increasingly complex IT ecosystems and outdated security tooling can slow releases by leaving blind spots and forcing teams to manually triage countless alerts, many of which are false positives reflecting vulnerabilities in libraries that

December 5, 2020 bestdevops GitHub Leave a comment

Security issues can go undetected for years before being disclosed: GitHub report

Source:-https://www.thehindubusinessline.com Most vulnerabilities are from mistakes, not malicious attacks Security vulnerabilities can often go undetected for over four years before they are disclosed, according to the latest 2020 Security report by GitHub. As per the report, vulnerabilities can often not be detected for more than for years. Once they are disclosed, developers may take over four weeks to fix these vulnerabilities. Once they are identified, the package maintainer and security community typically create and release a fix in just over