DevSecOps: Not the Tools, the Other Bits

    If you Google “DevSecOps”, and in particular if you read the typical security vendor blogs, you’d be forgiven for thinking that the term is all about automation and tooling. However, in much the same ...

    WTF…Can You Do about Software Supply Chain Attacks without Killing Open Source?

    When the White House says something is a threat, many people’s first reaction is to work out precisely what it is that the president and his aides are really trying to distract us from.

    SLO Strategy: Balancing Strategic Vulnerability with Uptime and Engagement

    We can get overly obsessed with uptime. We can actually set service level objectives (SLOs) too high. If we zero in on five-nines across the board, we risk compromising our teammates’ ability to innov...

    Tutorial: How to Set External-Secrets with Azure KeyVault

    In this tutorial, the last in our series on the External Secrets project, we will configure Azure KeyVault in order to have a safe way to access secrets, and then configure External-Secrets to fetch i...

    Key Results and Findings from the 2021 State of DevOps Reports by Humanitec, Google and Puppet

    The pandemic accelerated the economic transition to digital-native services and products. Across industries and categories, organisations aspired to scale their development performance in the face of ...

    WTF Is Our Most Critical Cybersecurity Resource? And How Can We Preserve It?

    A few years ago, I managed a user-experience designer who excelled at design but was wholly unfamiliar with the user end of cybersecurity software. It mystified him why I would overrule a straightforw...

    Who Is Responsible for Cybersecurity?

    Last year was a lot of things. Among them, 2021 was the year of cybersecurity threats. And this year seems on track to top it. The question is becoming not if, or when, but who. Who exactly is respons...

    DevOps - The Sec is Silent

    There are two hard problems in tech: cache invalidation, naming things, and off by one errors. We have proven this over and over again through a multitude of poorly named things. Whether it’s AWS Serv...

    Tutorial: How to Set External-Secrets with Hashicorp Vault

    External Secretsis an Open Source Kubernetes operator that integrates with external secret management systems such as AWS Secrets Manager, HashiCorp Vault, Google Secret Manager, and Azure Key Vault, ...