In the perilous realm of digital security, trust is fragile. Transport Layer Security (TLS) web server authentication relies on trust anchors, but a flaw in the design puts web entities at risk of malicious impersonation. This article explores the origin of certificates in the RHEL root trust store and […]
Category: Security
The Problem with Security and Compliance Mixture When talking to customers or colleagues, I often see two distinct topics being conflated: Compliance and (IT-) Security. Some customers have requirements they say MUST be fulfilled. When asked what their goal with this requirement is, they cannot elaborate the intention. They often fall back into saying that […]
What is Software Supply Chain Security? In this day and age most of us are looking for trust and security. This is also true for our IT infrastructure as challenges from the outside grow more and more dangerous to the continuation of undisturbed business. Attacks on the IT infrastructure of companies not only rise […]
Historically, there have been two schools of thought about patching: Patch as soon as a patch is available to eliminate security risks versus testing the patch extensively before it is applied to production systems (aka “Never change a running system”). One of the main reasons why you might feel the need to patch […]
This blog kicks off a series of 4 blog articles. They will all be available here, as soon as they get published. Run: Get your Angular, Python or Java Dockerfile ready with Red Hat’s Universal Base Image and deploy with Helm on OpenShift Develop: The Inner Loop with OpenShift Dev Spaces Build: From upstream Tekton […]
How to achieve a sound & compelling governance handling change requests, incidents and problem tickets in a DevSecOps scenario – based on authors’ field experience with end to end automation.
Being a life-long techie, I’ve been working with the Open Systems Interconnection (OSI) model for over 30 years in various organisations and it is a tried and tested model on which all modern networks are based. I’ve also worked to secure each layer to ensure that communication and data transfer mechanisms conform to the well […]
This post demonstrates how you can protect your mobile apps and add OpenID Connect-based single sign-on by integrating Red Hat Mobile with Red Hat SSO. The adapters provided by the Keycloak upstream project can be used for handing over user authentication to Red Hat SSO instead of building your own OIDC clients. […]