Author Archives: Jessica Dodson

Should DevOps Account for Continuous Trust of Production Applications?


January 9, 2014 By
Jessica Dodson
devops

To find previous blogs in this DevOps series, read: Part 1 – Agile, Component Development & DevOps – A Natural Match Part 2 – DevOps Success is Contingent on Shifting Left  Part 3 – DevOps Requires an Optimized Application Development Tool Chain Part 4 – Component Capable Release Management is Key to DevOps Part 5 […]

Continue reading...

Move Left and Be More Secure


September 16, 2013 By
Jessica Dodson

Author Attribution: This post was written by a guest blogger: Mark Miller, Founder and Curator of Trusted Software Alliance. In a “50-in-50” interview on the Trusted Software Alliance site, Gary McGraw talked about the concept of ‘moving left’, or ‘shifting left’ when it comes to application security in the software life cycle. Traditional development leaves […]

Continue reading...

A Brief and Incomplete History of DevOps


July 29, 2013 By
Jessica Dodson

The use of DevOps methodology and a structured process for integrating security into the development process is becoming more prevalent as large enterprises are seeing the benefits of a strategic alliance between development teams and operations. Instead of throwing the pig over the fence and hoping it turns into bacon by the time it touches […]

Continue reading...

Do you trust your software supplier? Questions to ask yourself – and them!


July 24, 2013 By
Jessica Dodson

Ever since I attended the recent Gartner Security & Risk Management Summit, I’ve found myself thinking a lot about if “you can trust your software supplier”. My colleague wrote about this a bit in a Gartner recap blog and our CEO co-presented on this topic with Curtis Yanko as part of a solution provider session. […]

Continue reading...

How Will you Manage the New Addition of A9 to the OWASP Top 10 List?


June 18, 2013 By
Jessica Dodson

It’s fair to say we were excited back in May when the OWASP community proposed A9 “ Using Components with Known Vulnerabilities” as a top 10 open source security risk – so now it’s official, component vulnerabilities are considered a critical web security flaw. But why has this addition warranted its own category, formerly classified […]

Continue reading...

Is it time for a Nexus Repository Health Check? Come to the Nexus Office Hours to get your Diagnosis.


May 27, 2013 By
Jessica Dodson

If your repository contained a jar file with a known vulnerability, how would you know? What would it mean to you to have that sort of visibility into your repository health? This isn’t probably something you consider often since one of the benefits of having a repository manager is enforcing component standards. But as you […]

Continue reading...