Skip to main content

White House to Spend $11 Million to Study Open Source Software Use

Open source code
Open source codeHardening the security around open source software has been a key part of the White House’s larger cybersecurity efforts since President Biden released his executive order for improving the United States’ security posture in May 2021, only months after taking office. Now the Biden Administration and the Department of Homeland Security (DHS) are putting $11 […]

from DevOps.com https://ift.tt/1Wuh8vp

Comments

Popular posts from this blog

Shift Left to the Developer’s Machine: Building Local Git Security Gates 

A developer pushes one file. It contains an AWS access key left in a configuration block. Five minutes later, CI catches it. By then, the secret is in the remote repository, cached by mirrors and potentially forked. The developer rotates the key, scrubs the commit history and spends the rest of the afternoon on incident response. The real question isn’t how to clean up faster — it’s why the secret left the developer’s machine in the first place.   The Five-Minute Gap   Most engineering teams have invested in CI-based secret scanning . Tools such as GitHub Advanced Security, GitGuardian and TruffleHog’s CI integration catch leaked credentials in pull requests and pushed branches. This is good, but it’s also too late.   The GitGuardian 2026 State of Secrets Sprawl report found that 29 million secrets were detected on GitHub in 2025 alone — a 34% year-over-year increase and the largest single-year jump ever recorded. Worse, 64% of secrets leaked back in 202...

Undo Enables AI Agents to Diagnose Root Cause of Application Issues

Undo today revealed that its platform for recording interactions within applications can now be accessed by artificial intelligence (AI) agents via a Model Context Protocol (MCP) server. Company CEO Greg Law said this Undo AI capability makes it simpler for any agent to discover the root cause of any issue that otherwise would have required weeks or months to discover. That capability is now more critical than ever at a time when AI tools are generating massive amounts of code that is overwhelming the ability of humans to actually review, he added. The Undo platform records the complete execution of a program, including every instruction, variable, thread event and system call. That approach captures causality in a way that is deeper than what can be diagnosed solely by relying on log analytics and traces, said Law. An AI agent can then query the recording in the same way they reason about static code to determine exactly how an application functions, he added. Armed with those ins...

Building a Security Feedback Process for DevOps

The last few years have seen some major slip-ups in the security space among all major cloud providers, resulting in uncertainty and speculation. That’s understanding; cloud security is an extremely complicated subject as enterprises build and deploy applications faster than ever before to keep up with business requirements. Most of the security issues that occur […] The post Building a Security Feedback Process for DevOps appeared first on DevOps.com . from DevOps.com http://bit.ly/2L1DS7t