Operations | Monitoring | ITSM | DevOps | Cloud

onpage

The DevSecOps Toolchain: Vulnerability Scanning, Security as Code, DAST & More

Jul 28, 2023 By Gilad Maayan In OnPage

DevSecOps is a philosophy that integrates security practices within the DevOps process. DevSecOps involves creating a ‘security as code’ culture with ongoing, flexible collaboration between release engineers and security teams. The main aim of DevSecOps is to make everyone accountable for security in the process of delivering high-quality, secure applications. This culture promotes shorter, more controlled iterations, making it easier to spot code defects and tackle security issues.

Read Post

End-to-End Risk-Based Vulnerability & Patch Management from Ivanti

Jul 26, 2023 By Ivanti In Ivanti
Ivanti has created an end-to-end vulnerability prioritization and patching experience to automate the handoff of CVEs from security teams to IT ops. Customers can now remediate vulnerabilities more quickly and easily than ever with this risk-based vulnerability and patch management solution. Ivanti finds, heals, and protects every device, everywhere – automatically. Whether your team is down the hall or spread around the globe, Ivanti makes it easy and secure for them to do what they do best.
View Video

Spotting Vulnerabilities at Rest and at Runtime feat. Cloudsmith and Sysdig

Jul 18, 2023 By Cloudsmith In Cloudsmith
The rise and popularity of containers and Kubernetes have revolutionised the IT industry but also introduced a lot of complexity including a huge number of vulnerabilities coming from different container image layers. To master those vulnerabilities both DevOps and Security teams are struggling to prioritise and address them, often without sufficient clarity or accountable insights.
View Video
NinjaOne

Unpatched Microsoft 0-Day: How to Mitigate CVE-2023-36884 with PowerShell

Jul 13, 2023 By Jonathan Crowe In NinjaOne

Microsoft's July 2023 Patch Tuesday updates highlighted several vulnerabilities under active exploitation, including one (or more?) that remains unpatched. Here's what you need to know about CVE-2023-36884, a zero-day vulnerability that attackers are exploiting to gain remote code execution via "specially-crafted" Microsoft Office documents.

Read Post
grafana

Trusted Types: How we mitigate XSS threats in Grafana 10

Jul 11, 2023 By Kristian Bremberg, Tobias Skarhed In Grafana

Grafana is a rich platform for data visualization, giving you full control over how your data should be visualized. However, this flexibility and freedom comes with some challenges from a security perspective — challenges that need to be solved to protect the data in Grafana. For years, cross-site scripting (XSS) has been among the most common web application security vulnerabilities.

Read Post
canonical

Managing security vulnerabilities and compliance for U.S. Government with Ubuntu Pro

Jun 29, 2023 By Henry Coggill In Canonical
Complying with US government security standards such as FIPS, FedRAMP, and DISA-STIG is essential for federal agencies and any business that deploys systems and services for U.S. government use. However, maintaining a compliant IT ecosystem is a major undertaking, as each regulation brings a host of specialised requirements. And dealing with the never-ending stream of security vulnerabilities that require patching only adds to this task.
Read Post
InvGate

New Apple Zero-Days: Patch CVE 2023-32434 and CVE 2023-32435

Jun 28, 2023 By Brenda Gratas In InvGate
Apple released a series of patches today to address zero-day vulnerabilities CVE-2023-32434 and CVE-2023-32435. As Patch Management’s best practices indicate, the company advised updating the following products: iOS, iPadOS, macOS, watchOS, and Safari browser. Keep reading to understand the extent of the exploits and discover how to easily spot outdated devices on your network using InvGate Insight.
Read Post
ivanti

How IT Device Discovery Can Identify Your Network's Assets and Vulnerabilities

Jun 22, 2023 By Steve Feldstein In Ivanti

The security of your organization’s network is paramount to its success. With the ever-changing landscape of cyber threats, it's important to take the necessary steps to ensure that your network is secure and compliant with industry regulations. Ensuring compliance requires you to know what’s on your network. But how can that be done when only 48% of leaders and security professionals say they run their asset discovery program at least once per week?

Read Post
ivanti

How Implementing Risk-Based Patch Management Prioritizes Active Exploits

Jun 20, 2023 By Todd Schell In Ivanti

Resistance to change is always present, especially if you think the processes you have in place are efficient and effective. Many organizations feel this way about their software management procedures until they have a security breach or incident and are left wondering where they went wrong. The reality is that most patch management programs are built on assumptions and recommendations, rather than facts about actively exploited vulnerabilities. Risk-based patch management is the answer to this issue.

Read Post

What is so Pro in Ubuntu Pro?

May 31, 2023 By Canonical In Canonical
Open source is everywhere, but what’s its role in your company? According to Synopsys 2023 OSSRA research, around 96% of companies use open source in their codebases. From which at least 84% contained known vulnerabilities. Nowadays vulnerability exposure lasts for around 98 days, which means that the majority of companies are not fixing known vulnerabilities in their codebases for 3 months. This is simply not acceptable.
View Video

Copyright © 2026 OpsMatters™. All rights reserved.