Unmaintained Dependencies and Other Ways to Measure CI/CD Security
I look at five recent studies, with a focus on CI/CD and open source. As always, the analysis goes beyond the press release-based reporting you may have read elsewhere.
Transforming Information Into Knowledge
Companies should encourage their developers to spend part of the workday contributing to open source, whether or not a project is managed internally by the company itself.
DevOps teams are more likely to have security tools properly integrated in their development pipeline, but many still struggle to do it well.
By one measure, it seems obvious that the migration of workloads to the public cloud has accelerated. In last year’s study, only 33% of workloads were in the public cloud, while today the figure is 57%.
Integrating unstructured data is the top data challenge encountered when developing AI, according to 57% of respondents to the survey by MIT Technology Review Insights.
Git surpassed “open source” search queries in March 2011.
While the anti-virus market is passé and mature, security vendors continue to monitor for new threats and have embraced a broader category, endpoint detection and response (EDR), which combines elements of anti-malware with newer tools that provide real-time anomaly detection, forensic analysis and remediation capabilities. Unsurprisingly, EDR is poised for rapid growth.
Container adoption appears to have mitigated the growth of VMs that need to be managed. However, be wary of claims that the raw number of machines being managed will decline.
Most people still trust brands like YouTube and even Facebook.
Knative’s popularity hurts installable software alternatives for serverless. Newly added to the survey, Knative is adopted by 17% of respondents that use a hosted platform or installable software for serverless. Kubeless, Apache OpenWhisk, Oracle’s Fn, and Fission all saw sharp drop-offs in adoption and community activity. Among the installable software players, only OpenFaaS maintained its popularity.
Service meshes have yet to be adopted by “early majority” technology adopters, but 46% of survey respondents are piloting them or have plans to evaluate or implement them in the next 12 months. Stories of successes and failures in production environments may affect these plans.
Not everyone believes security is their job, though security professionals will get fired if something goes wrong.