A Review of the Best News of the Week on Cloud Security, DevOps, AppSec
How Google moved from perimeter-based to cloud-native security (Google, Dec 17 2019)
“a whitepaper about BeyondProd, which explains the model for how we implement cloud-native security at Google. As many organizations seek to adopt cloud-native architectures, we hope security teams can learn how Google has been securing its own architecture, and simplify their adoption of a similar security model.”
Mozilla mandates 2FA security for Firefox developers (Naked Security – Sophos, Dec 17 2019)
Mozilla last week fired off an important memo to all Firefox extension developers telling them to turn on two-factor authentication (2FA) on their addons.mozilla.org (AMO) accounts.
GitLab Paid Half a Million Dollars in Bug Bounties in One Year (SecurityWeek, Dec 16 2019)
GitLab has paid more than half a million dollars in rewards to security researchers who contributed to its public bug bounty program over the past year.
Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~12,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras
Predictions 2020: What’s Going to Happen in Cloud Computing (eWEEK – RSS Feed, Dec 12 2019)
Application Programming Interface (API) security will become increasingly important, especially with increased adoption of robotic process automation and the need to secure system accounts used for automation.
Most DevOps pros feel proper certificate issuance policies slow them down (Help Net Security, Dec 16 2019)
75% of DevOps professionals are concerned that policies for issuing certificates slow down development, and over a third (39%) believe developers should be able to circumvent these policies to meet service level agreements, according to a Venafi survey.