Captain's Log, Stardate 2021.09-17


Captain's Log, Stardate is an ongoing series, published every Friday, highlighting interesting cyber news from the past week. To continue the discussion on any of these topics, join us on Slack.


Travis CI flaw exposed secrets of thousands of open source projects | arstechnica/Ax Sharma
A security flaw in Travis CI potentially exposed the secrets of thousands of open source projects that rely on the hosted continuous integration service. Worse, the dev community is upset about the poor handling of the vulnerability disclosure process and the brief "security bulletin" it had to force out of Travis. Read the full story...

The Case for a SaaS Bill of Material | CSO Online/Chris Hughes and Walter Haydock
With a lack of answers as to what consumers will do with SBOMs once they receive them, it is even less clear how to develop them for vendor-managed deployment models such as software as a service (SaaS). To address this challenge, we propose a framework for what a SaaS bill of material (SaaSBOM) should look like. Read the full story...

The Absolute Minimum Every Developer Must Know about AWS Security | Nishant Thorat
Whatever your profession, chances are you will have to work or interact with the cloud. Terms such as VPCs, subnets, security groups, and ECS will no longer sound unfamiliar. But have we really grasped the gravity of this seismic shift? Many of you will have encountered a Gartner warning, “Through 2025, 99% of cloud security failures will be the customer’s fault.” IAM is about understanding what identities have which accesses and to what degree. Understanding IAM is crucial for any well written application and its secure deployment in the cloud, especially in a serverless world. Read the full story...

Principles Of External Attack Surface Protection: Discover Everything | Forbes/Rob Gurzeev
The concept of an “attack surface” includes any asset that an attacker may see on or with a path to your network. For a large enterprise, the modern externally exposed attack surface can include thousands of segmented networks, tens or hundreds of thousands of devices, thousands of applications and dozens or hundreds of connected partners. Talk about endless exposure! Read the full story...

4 Questions About Cyber Asset Attack Surface Management (CAASM) | Jennie Duong
We’re here to answer some frequently asked questions that we receive from the community about this emerging market: What is Cyber Asset Attack Surface Management (CAASM)? And why does it matter? How do CAASM tools work? How do security teams benefit from CAASM? How can CAASM complement other technologies like SIEM, SOAR, XDR, vulnerability management, and more? Read the full story...
Posted By Mark Miller

Mark Miller speaks and writes extensively on DevOps and Security, hosting panel discussions on tools and processes within the DevOps Software Supply Chain.

Mark actively participates in the DevOps/DevSecOps community by building DevSecOps tracks at security conferences such as RSA Conference, InfoSec Europe, CD Summit, AppSec USA and AppSec EU. He is the Senior Storyteller and Senior Director of Community and Content at JupiterOne.

As well, Mark is Executive Producer of the DevSecOps Podcast Series (300K+ listens), and the Executive Editor of the LinkedIn DevOps Group (124K+ members).

To hear more from Mark, get our newsletter. No spam, just the good stuff once or twice a month. Sign up below.
