End of Support: A Catalyst to Application Lifecycle Modernization

As many of you know, the standard Microsoft lifecycle policy is 10 years of support (5 for mainstream + 5 for extended support) for business and developer products, such as SQL and Windows servers. At the end of the extended support period, patches or security updates are no longer provided, creating security and compliance issues. […]

Read More

Achieving Federal Compliance with Chef Automate and Chef InSpec

Federal agencies work hard to provide value to consumers of their services, but in order to deliver updates at the velocity their customers demand, they must ensure their infrastructure is hardened and secure throughout the software development lifecycle. Chef Software, for over a decade, has helped Federal agencies automate how they build and manage this […]

Read More

Reducing Audit Pain with Continuous Compliance

No one questions that audits are stressful, painful and time-consuming. But organizations — financial institutions especially — must conduct audits to ensure security and validate compliance regulatory requirements. As security threats increase or regulations change, entities in turn must conduct more audits. But how can a company stay competitive when so much time and resources […]

Read More

Chef Open Source Community: Year in Review

Throughout 2018, we published monthly community updates to summarize valuable new features & and developments in Chef’s open source projects (Chef, Habitat and InSpec) as well as ecosystem tools & content like Test Kitchen, Foodcritic, Supermarket, Habitat core plans, and InSpec profiles & plugins. For the month of December, we thought we would use the […]

Read More

Detect Kubernetes Vulnerabilities with InSpec

Earlier this week a critical security vulnerability was uncovered in the Kubernetes API server. The vulnerability, CVE-2018-1002105, uncovers an attack vector that would allow an unprivileged or unauthenticated user to escalate their privileges and run arbitrary commands with cluster-admin level access. The severity of this vulnerability is compounded by the fact that because these unauthorized […]

Read More