Showing posts with label cyber. Show all posts

Friday, August 21, 2020

Robots delivering in Tokyo

As another measure to reduce the spread of Covid-19 infection, one of Japan's largest door-to-door delivery service companies, Yamato Holdings, and the government-owned courier firm Japan Post are testing delivery robots in Tokyo.

Hopefully robots will help contain the spread of the coronavirus — while alleviating the shortage of delivery drivers.




Monday, August 10, 2020

Implementing DevOps could save your organization big money...

A primary purpose of DevOps is to release software builds at better quality with higher frequency. Automation in DevOps should be embraced to realize this objective, without introducing a negative effect into the quality or frequency of software released to end-users. Based on an analysis conducted by Forrester Consulting on behalf of GitLab, the report concludes organizations can save as much as $3.7 million by reducing the number of DevOps tools they need to acquire by a factor of four.


The report also claims organizations can see a 12x increase in the number of revenue-generating application releases in a year, resulting in $12.3 million in additional revenue, while at the same time reducing code defects to generate more than $16.8 million in savings. Overall, the report says there is a 407% return on investment (ROI) in the GitLab platform.


As a global economic downturn brought on by the pandemic unfolds, many organizations are focusing on costs. Being able to accelerate the rate of application development -- and deployment -- should be part of digital business transformation initiatives. The more business processes become automated, the less expensive they are to maintain. This is obvious given how dependent organizations are becoming on software. But many leaders are navigating ways to reduce costs without forcing every member of the team to standardize.


Monday, August 19, 2019

New Certification Rules from the EU Cybersecurity Act


In June 2019, the European Cybersecurity Act was instituted, introducing the first-ever EU-wide rules on the cybersecurity certification of products, processes, and services. This serves to strengthen the role of the EU Agency for Cybersecurity (ENISA).

The European cybersecurity certification framework establishes tailored and risk-based EU certification schemes, aiming to increase the cybersecurity of online services and consumer devices. Such a European cybersecurity certification scheme comprises a comprehensive set of EU-wide rules, technical requirements, standards and procedures serving to evaluate a specific product, service or process on the basis of its cybersecurity properties. Each certificate will carry one of three assurance levels, and will be recognized EU-wide.
The harmonized rules are expected to facilitate cross-border trade of relevant products and services, reduce market-entry barriers, and simplify the process of cybersecurity certification.
ENISA has received a permanent mandate with additional responsibilities and resources to better help Member States in addressing cybersecurity threats and incidents. This includes support to policy implementation, standardization, certification, crisis management and coordinated vulnerability disclosure. ENISA's mandate has been applicable since 27 June 2019. The Commission is currently preparing the requests for ENISA to design certification schemes and to establish two expert groups:
the European Cybersecurity Certification Group, consisting of Member States representatives; and
the Stakeholder Cybersecurity Certification Group, mandated to advise ENISA and the Commission.
I.a. on the basis of a public consultation, the Commission will identify strategic priorities for certification and a list of ICT products, services and processes to be included in the scheme.”

See further information here...

Wednesday, December 5, 2018

Popular Cloud Container for Services Found to Have Security Flaw

Kubernetes is a very popular cloud container orchestration system, and a major security hole has been discovered in it. The problem, CVE-2018-1002105, is a privilege escalation flaw rated critical (CVSS 9.8). It makes it possible to gain full administrator privileges on any compute node being run in a Kubernetes pod.
Read more here...

Friday, August 10, 2018

At ZDNet, we read:

Security researchers are warning Linux system users of a bug in the Linux kernel version 4.9 and up that could be used to hit systems with a denial-of-service attack on networking kit. The warning comes from Carnegie Mellon University's CERT/CC, which notes that newer versions of the Linux kernel can be "forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service (DoS)".

It lists a number of network-equipment vendors, PC and server manufacturers, mobile vendors, and operating-system makers that may be affected but notes that it hasn't confirmed whether any of them actually are. But, given the widespread use of Linux, the bug could affect every vendor from Amazon and Apple through to Ubuntu and ZyXEL. A remote attacker could cause a DoS by sending specially modified packets within ongoing TCP sessions. But sustaining the DoS condition would mean an attacker needs to have continuous two-way TCP sessions to a reachable and open port.