
OWASP CI/CD Top 10: Inadequate Flow Control in CI/CD Pipelines

With the recent shake-up around CVE funding and broader questions about long-term support for cybersecurity infrastructure, one thing is clear: controlling what you can is more important than ever. This is abundantly clear in modern software development, which relies heavily on CI/CD systems that in turn serve as the primary conduit from a developer’s local environment to production.

Cloudsmith introduces EPSS Scoring in Enterprise Policy Management (EPM)

Cloudsmith’s Enterprise Policy Management (EPM) now supports the Exploit Prediction Scoring System (EPSS), a data-driven metric designed to estimate the probability of a software vulnerability being exploited in the wild. Using EPM in Cloudsmith, you can now use a package’s EPSS score to inform your package workflows, including those around Package Promotion and Package Quarantine.

Understanding Zero Day Malware: The Invisible Threat

In today's rapidly evolving digital landscape, cybersecurity threats continue to grow in both sophistication and impact. Among these threats, zero day malware stands out as particularly dangerous because it exploits previously unknown vulnerabilities in software or hardware. These vulnerabilities, known as "zero day vulnerabilities," have not yet been patched by vendors, leaving systems completely exposed with no existing defenses. This creates a critical window of opportunity for attackers to compromise systems before security teams can respond.

Securing Software Supply Chains: New Research Highlights Industry Vulnerabilities

A new IDC study, co-sponsored by Canonical and Google Cloud, reveals the challenges and opportunities for organizations securing their software supply chains. Today, Canonical and Google Cloud released findings from a joint research project conducted by the International Data Corporation (IDC) that sheds light on the critical challenges organizations face in securing their software supply chains. The report, “The State of Software Supply Chains.

Part 1: Solving the Top 10 Problems with Vulnerability Management | Security Insights, Ep. 49

We promised we'd come back with the solutions to all your vulnerability management problems, so here we are. Plus, we're counting down in unranked order *and* starting from on our list, just to keep you on your toes. Ivanti's Chris Goettl and Robert Waters will go through how you can address resource constraints, siloed tools and data, limited attack surface visibility, inaccurate view of exposures and data overload.

Protecting against Next.js middleware vulnerability CVE-2025-29927 with HAProxy

A recently discovered security vulnerability requires attention from development teams using Next.js in production environments. Let’s discuss the vulnerability and look at a practical HAProxy solution that you can implement with just a single line of configuration. These solutions are easy, safe, and incredibly fast to deploy while planning more comprehensive framework updates.

Why the Common Vulnerability Scoring System (CVSS) Is Necessary - But Also Insufficient

Measuring the risks posed by vulnerabilities — to the greatest degree of accuracy — is no simple task. It’s common for organizations to use the Common Vulnerability Scoring System (CVSS) by default, to come to terms with the size and scope of vulnerabilities. But while CVSS is a useful tool, it’s not immune from its own vulnerabilities.

How to Take Your Vulnerability Management Program to the Next Level: Automation Strategies & Tactics

A well-built vulnerability management program covers everything from detection to patching to documentation, reporting, and ongoing measurement. Taking a structured approach to vulnerability management is a differentiator for DevOps teams: The more you can automate and enforce, the less time and effort it takes to find, fix, and monitor software vulnerabilities.

The Top 10 Problems with Vulnerability Management | Security Insights, Ep. 48

Vulnerability management is not for the faint of heart. The pitfalls are many, and odds are you probably have at least one of these issues. Ivanti's Chris Goettl and Robert Waters run down the list of what can get in the way of vulnerability management done well -- from attack surface visibility to data overload and resource constraints -- all with an eye on how those problems can be addressed. (Which we'll have more on next time. We promise.)