Comments: Codecov Bash Uploader Security Compromise – Check Point

Comments by: Jon Ng, Head, Cloud Security Engineering, APJ, at Check Point Software Technologies

Following the SolarWinds Sunburst attack, this is another supply chain hack that further highlights the security challenges resulting from the rapid-release cycles that are typical of modern application development and deployment, also known as the DevOps movement. Organisations need to be aware that the use of public code repositories and development platforms, while necessary, carries inherent risk. In many cases, applications are developed either without proper security controls in place, or at best with security being bolted on at the end of the development cycle as an afterthought.

As a security best practice, Check Point strongly recommends that our customers extend their DevOps workflow to ensure that security features are automatically integrated into an application from the beginning. This is known as shifting left, and involves not only a mindset change, but also equipping the development team with automated security tools such as code scanning, container image scanning and runtime protection. Shifting left allows for security to become a seamless and frictionless part of the development workflow and ensures accurate identification and remediation of any vulnerabilities and threats.