A Review of the Best News of the Week on Cloud Security, DevOps, AppSec

DevSecOps – A New Chance for Security (DZone, May 30 2018)
There is a bit of a problem here. Most security professionals don’t code. Likewise, the majority of software developers know very little about security. How do we most effectively bring these two camps into alignment?

Open Bug Bounty creates free bug bounty program (SC Magazine, May 30 2018)
Open Bug Bounty has added a new free service that will allow organizations to create their own bug bounty program.

Security of HTML5 May Not Live Up to Promise (Infosecurity Magazine, May 25 2018)
Lauded as the solution to Flash problems, HTML5 security is called into question.


AgentRun’s misconfigured S3 bucket exposes PII insurance companies’ customers (SC Magazine, May 25 2018)
Information on insurance policies as well as health, medical and financial data were accessible by the public because no password was required.

How to Prevent Cloud Configuration Errors (Infosec Island, May 30 2018)
With unified visibility into the whole network, at all levels, IT managers will be able to strike a balance between security and functionality.

10 Free DevOps-Friendly Security Tools Developers Will Love (Dark Reading, May 25 2018)
Start building an affordable DevSecOps automation toolchain with these free application security tools.

Securing Third-Party and Open Source Code Components: A Primer (DevOps, May 24 2018)
How, then, can teams ensure the security of applications built with code components? The solution lies in three key steps: Start with education, Introduce clear processes, and Drive innovation with DevSecOps.

Vulcan Cyber Announces $4M Seed Round to Help Enterprises Eliminate Vulnerability Remediation Gap and Achieve Continuous Protection (Business Wire, May 30 2018)
Vulcan provides insight that enables continuous evaluation of exposure and prioritization of remediation. Vulcan then orchestrates patch management, IT service management tools and the teams and tasks needed to continuously remediate the most critical exposure in production environments.

PGP Founder: Don’t Disable Encryption Service (Infosecurity Magazine, May 29 2018)
Experts claim EFF advice and reporting of new flaws could do more harm than good.

How ChromeOS Dramatically Simplifies Enterprise Security (Cloud Security Alliance, May 25 2018)
A survey of more than 700 respondents showed that nearly half of organizations will definitely purchase or probably will purchase Chromebooks by EOY 2017.