Operations | Monitoring | ITSM | DevOps | Cloud

Software vulnerabilities are part of our lives in a digitalized world. If anything is certain, it’s that we will continue to see vulnerabilities in software code! Recently the CVE-2020-0601 vulnerability, also known as CurveBall or “Windows CryptoAPI Spoofing Vulnerability”, was discovered, reported by the NSA and made headlines. The NSA even shared a Cybersecurity Advisory on the topic. Anthony previously talked about it from a public sector and Vulnerability Scanner angle.

To complement distributed tracing, runtime metrics, log analytics, synthetic testing, and real user monitoring, we’ve made another addition to the application developer’s toolkit to make troubleshooting performance issues even faster and simpler. Today, we’re excited to introduce Profiling—an always-on, production profiler that enables you to continuously analyze code-level performance across your entire environment, with minimal overhead.

In this age, businesses that provide the best service survive, and when technology becomes the only means to deliver the best service then IT service management is not a question of why but a must. ITSM enables organizations to build a business around better IT support structures, so they can create the best product or service experience. In this blog, we will talk about some of the fundamental questions around ITSM.

Five worthy reads is a regular column on five noteworthy items we’ve discovered while researching trending and timeless topics. In the first Five worthy reads of this year, we’ll explore data democratization in detail, from its definition to its pros and cons, and provide some ways to use it for data empowerment.

Source control, aka version control, is the method of tracking and managing changes to software code. Source Control Management (SCM) systems offer a running history of code changes and can be particularly helpful for teams of developers making changes to the same files. As a critical aspect of responsible software development, source control helps developers track code changes, see complete revision history, and revert back to a previous version of a project if needed.

Ever walk into a corner market, push on the door and find it won’t open? You look down at the handle and are reminded by a sign on the door that you have to “pull” to open it? The LogicMonitor platform uses an agentless collector to pull metrics from thousands of devices and resources into a unified monitoring view (no agents required). We currently offer more than 2,000 LogicModules out-of-the-box that gather metrics from all kinds of systems using many different protocols.

Security is one of the most talked-about topics for Kubernetes users. Google “Kubernetes security” and you’ll find a huge number of articles, blogs and more. The reason is simple: you need to align your container and Kubernetes security with your organization’s existing security profile. Kubernetes has some strong security best practices for your cluster—authentication and authorization, encryption in secrets and objects in the etcd database—to name a few.

Arild Jensen, SRE Manager at Upwork, talks about his journey into SRE and some best practices he picked up along the way including implementing a blameless culture, code review and making decisions based on hard data.

For some organizations, even the best isn’t quite enough. That’s why JFrog Xray provides a way for you to specify your own additional data, to detect even more sensitive issues in your binaries before they can reach production. JFrog Xray is a tool for DevSecOps teams to gain insight into the open source components used in their applications.