One Article Review

Source: GoogleSec
Identifier: 8359415
Publication date: 2023-07-20 16:03:33 (viewed: 2023-07-20 21:06:43)
Title: Supply chain security for Go, Part 3: Shifting left
Text: Julie Qiu, Go Security & Reliability and Jonathan Metzman, Google Open Source Security Team

Previously in our Supply chain security for Go series, we covered dependency and vulnerability management tools and how Go ensures package integrity and availability, as part of the commitment to countering the rise in supply chain attacks in recent years. In this final installment, we'll discuss how "shift left" security can help make sure you have the security information you need, when you need it, to avoid unwelcome surprises.

Shifting left

The software development life cycle (SDLC) refers to the series of steps that a software project goes through, from planning all the way through operation. It's a cycle because once code has been released, the process continues and repeats through actions like coding new features, addressing bugs, and more. Shifting left involves implementing security practices earlier in the SDLC. For example, consider scanning dependencies for known vulnerabilities; many organizations do this as part of continuous integration (CI), which ensures that code has passed security scans before it is released. However, if a vulnerability is first found during CI, significant time has already been invested building code upon an insecure dependency. Shifting left in this case mea
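The dependency scan the text uses as its example, written out as an added illustration (this is not code from the original post or from the Go project): a small Go program that reads a go.mod, compares each required version against an advisory list, and exits non-zero on a hit, which is the shape of check that can run on the developer's machine as a pre-commit hook or editor task rather than waiting for CI. The module paths, advisory IDs and fixed versions are constructed for the example, and the go.mod parser and semver comparison are simplified assumptions of the example; the real tool for Go, govulncheck, consults the Go vulnerability database and reports only vulnerabilities whose affected functions your code actually reaches.

```go
package main

import (
	"bufio"
	"fmt"
	"os"
	"strconv"
	"strings"
)

// Requirement is one "path version" entry from a go.mod require directive.
type Requirement struct{ Path, Version string }

// Advisory is a constructed, simplified record: every version of Module below
// Fixed is affected. The entries below are made up, not Go vulnerability database data.
type Advisory struct{ ID, Module, Fixed string }

// ParseGoMod extracts requirements from go.mod text, accepting both the
// single-line and the block form of require and ignoring "// indirect" comments.
func ParseGoMod(content string) []Requirement {
	var reqs []Requirement
	inBlock := false
	sc := bufio.NewScanner(strings.NewReader(content))
	for sc.Scan() {
		line, _, _ := strings.Cut(sc.Text(), "//")
		f := strings.Fields(line)
		switch {
		case len(f) == 2 && f[0] == "require" && f[1] == "(":
			inBlock = true
		case inBlock && len(f) == 1 && f[0] == ")":
			inBlock = false
		case len(f) == 3 && f[0] == "require":
			reqs = append(reqs, Requirement{f[1], f[2]})
		case inBlock && len(f) == 2:
			reqs = append(reqs, Requirement{f[0], f[1]})
		}
	}
	return reqs
}

// parseVersion splits "v1.2.3-pre+meta" into a numeric core and a prerelease suffix;
// a pseudo-version such as v0.0.0-20230115120000-0123456789ab becomes core 0.0.0
// with the timestamp/hash part as its prerelease. Build metadata is dropped.
func parseVersion(v string) (n [3]int, pre string, err error) {
	s, _, _ := strings.Cut(strings.TrimPrefix(v, "v"), "+")
	core, pre, _ := strings.Cut(s, "-")
	parts := strings.Split(core, ".")
	for i := 0; i < 3 && len(parts) == 3 && err == nil; i++ {
		n[i], err = strconv.Atoi(parts[i])
	}
	if len(parts) != 3 || err != nil {
		return n, "", fmt.Errorf("malformed version %q", v)
	}
	return n, pre, nil
}

// CompareVersions returns -1, 0 or 1 by semver precedence: numeric core first, then
// a release outranks any prerelease of the same core. Two prereleases are compared
// as plain strings, which is adequate for pseudo-version timestamps.
func CompareVersions(a, b string) (int, error) {
	na, pa, err := parseVersion(a)
	if err != nil {
		return 0, err
	}
	nb, pb, err := parseVersion(b)
	if err != nil {
		return 0, err
	}
	for i := range na {
		if na[i] != nb[i] {
			if na[i] < nb[i] {
				return -1, nil
			}
			return 1, nil
		}
	}
	switch {
	case pa == pb:
		return 0, nil
	case pa == "", pb != "" && pa > pb:
		return 1, nil
	}
	return -1, nil
}

// Scan returns one report line per requirement whose version is below an advisory's
// Fixed version. A version it cannot parse is an error rather than a silent pass, so
// the scanner never reports "clean" on input it did not understand.
func Scan(reqs []Requirement, advs []Advisory) ([]string, error) {
	var report []string
	for _, r := range reqs {
		for _, a := range advs {
			if r.Path != a.Module {
				continue
			}
			c, err := CompareVersions(r.Version, a.Fixed)
			if err != nil {
				return nil, err
			}
			if c < 0 {
				report = append(report, fmt.Sprintf("%s: %s@%s is affected, fixed in %s", a.ID, r.Path, r.Version, a.Fixed))
			}
		}
	}
	return report, nil
}

// Constructed sample input: a go.mod with a pseudo-version and an +incompatible
// version, plus three made-up advisories (not real identifiers).
const sampleGoMod = `module example.com/app
require (
	example.com/lib/parser v1.4.2
	example.com/lib/crypto v0.0.0-20230115120000-0123456789ab // indirect
	example.com/lib/json v2.0.1+incompatible
)
require example.com/lib/net v1.9.0`

var sampleAdvisories = []Advisory{
	{ID: "EXAMPLE-2023-0001", Module: "example.com/lib/parser", Fixed: "v1.5.0"},
	{ID: "EXAMPLE-2023-0002", Module: "example.com/lib/crypto", Fixed: "v0.1.0"},
	{ID: "EXAMPLE-2023-0003", Module: "example.com/lib/net", Fixed: "v1.8.3"},
}

func main() {
	report, err := Scan(ParseGoMod(sampleGoMod), sampleAdvisories)
	if err != nil {
		panic(err)
	}
	fmt.Println(strings.Join(report, "\n"))
	if len(report) > 0 {
		os.Exit(1) // non-zero exit lets a pre-commit hook or editor task block on findings
	}
}
```

On the sample input the program reports two findings (the parser module and the pseudo-versioned crypto module) and exits 1; the net module is already past its fixed version and the json module has no advisory. The ordering rules are where such a check usually goes wrong: a prerelease or pseudo-version must sort below the release with the same core, so v1.5.0-rc1 is still flagged when the fix is v1.5.0, and +incompatible build metadata must be ignored rather than treated as part of the version.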
Sent: Yes
Tags: Tool, Vulnerability
Rating: ★★


The article does not appear to have been picked up elsewhere after its publication.


The article does not appear to be a repost of an earlier one.