In my previous role, I got into a situation where a team of hundreds of engineers got completely derailed by a security team running a bad "code scanning" product. It generated huge amounts of technical debt for us, but led to almost no improvements in our security posture. It slipped schedules and created huge frustration.
Not only must security teams deal with common vulnerabilities and exposures, or risks associated with open-source libraries, but serverless environments also introduce threats driven by broken access control, particularly when developers need to add permissions to support the necessary functionality. In this situation, the developer is often instructed by the security team to select from a list of predefined permissions that provides more privileged access than is necessary.
Similarly, DevSecOps teams should also be mindful of “sprawl” within serverless functions. Functions can have multiple versions, in different regions and on multiple accounts, making it hard for management and security teams to understand the overall size of the serverless inventory at the organization level. To address this, they will need strong asset management controls relevant to both cloud infrastructure and serverless.
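Both concerns above, predefined permission sets that grant more than a function needs and sprawl across versions, regions and accounts, can be checked from a single inventory. The following is an added example, not code from the original article; it assumes AWS IAM-style action names and an inventory record format made up for illustration, with constructed sample data.

```python
import fnmatch
from collections import defaultdict

# Constructed inventory: one record per deployed function version. Field names,
# account ids and the IAM-style action strings are assumptions for this example.
INVENTORY = [
    {"account": "111111111111", "region": "us-east-1", "name": "resize-image",
     "version": "3", "granted": ["s3:*", "logs:PutLogEvents"],
     "used": ["s3:GetObject", "s3:PutObject", "logs:PutLogEvents"]},
    {"account": "111111111111", "region": "eu-west-1", "name": "resize-image",
     "version": "2", "granted": ["s3:*", "logs:PutLogEvents", "dynamodb:Scan"],
     "used": ["s3:GetObject", "logs:PutLogEvents"]},
    {"account": "222222222222", "region": "us-east-1", "name": "send-receipt",
     "version": "1", "granted": ["ses:SendEmail", "logs:PutLogEvents"],
     "used": ["ses:SendEmail", "logs:PutLogEvents"]},
]

def matches(pattern, action):
    # Action names compare case-insensitively; "*" and "?" act as wildcards.
    return fnmatch.fnmatchcase(action.lower(), pattern.lower())

def excess_grants(granted, used):
    """Split grants into wildcards broader than observed use and grants never used."""
    wildcard, unused = [], []
    for pattern in granted:
        hits = [a for a in used if matches(pattern, a)]
        if not hits:
            unused.append(pattern)
        elif any(ch in pattern for ch in "*?"):
            wildcard.append((pattern, sorted(hits)))  # candidates to replace the wildcard
    return {"wildcard": wildcard, "unused": unused}

def sprawl(inventory):
    """Per function name: how many accounts, regions and versions exist."""
    seen = defaultdict(lambda: {"accounts": set(), "regions": set(), "versions": set()})
    for rec in inventory:
        seen[rec["name"]]["accounts"].add(rec["account"])
        seen[rec["name"]]["regions"].add(rec["region"])
        seen[rec["name"]]["versions"].add(rec["version"])
    return {name: {k: len(v) for k, v in dims.items()} for name, dims in seen.items()}

def over_privileged(inventory):
    """Deployments whose role grants more than the function was observed to use."""
    report = []
    for rec in inventory:
        extra = excess_grants(rec["granted"], rec["used"])
        if extra["wildcard"] or extra["unused"]:
            report.append((rec["account"], rec["region"], rec["name"], rec["version"], extra))
    return report
```

The `used` lists stand in for whatever evidence of actual use is available, such as access logs or a review of the function's code; the check is only as good as that evidence.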