End of Support: A Catalyst to Application Lifecycle Modernization

As many of you know, the standard Microsoft lifecycle policy is 10 years of support (5 for mainstream + 5 for extended support) for business and developer products, such as SQL and Windows servers. At the end of the extended support period, patches or security updates are no longer provided, creating security and compliance issues. […]


Chef Habitat and the runC vulnerability (CVE-2019-5736)

An article was shared yesterday detailing a runC vulnerability that affects Docker and Kubernetes where a malicious container can overwrite a host system’s runC binary, thus allowing root-level code execution on the host. This is an operations nightmare and it made me think of how Chef Habitat can help in these situations. I’d like to give […]


Introducing the Chef Automate Identity & Access Management Version Two (IAM v2) Beta

Chef Automate is the DevOps dashboard for Chef-managed infrastructure, compliance, and applications, with scalable data ingest for fleets of more than 100,000 nodes. Our large enterprise customers already use Chef Automate to provide actionable analytics and insights to hundreds of their teams. To enhance security of Chef Automate at scale, we’re adding role and project-scoped […]


Preparing for Audits with InSpec

Preparing for a compliance audit can be an overwhelming process. Coordinating and translating requirements between teams is often a time-consuming, manual process; regressions uncovered between audits can drive friction between internal IT and security teams; and between the rise of cloud and container solutions and numerous emerging regulatory frameworks, the sheer breadth of what […]


Chef’s Approach to CIS Critical Security Controls v7.0

The Center for Internet Security (CIS) has just released the latest version of the Critical Security Controls, designed to provide patterns and practices to help protect organizations and data from cyber attacks. These updated controls have been developed based on feedback from actual cyber attacks faced by organizations using input from a wide spectrum of […]


Applying Compliance on Azure Government with InSpec

In government, compliance and security are critical components of our job function. Current compliance frameworks are bulky and unwieldy for those inexperienced with OpenSCAP/XML. Microsoft Azure Government cloud and InSpec are designed to provide a common language for security, compliance, and automation teams to converge around. Azure Government is designed to […]


Understand how Chef Supports the AWS Shared Responsibility Model

One of the key reasons organizations look at cloud migration is to improve the security of their IT systems. Cloud vendors such as AWS bring a level of expertise and scale to security that is impossible for an IT organization to replicate in a traditional datacenter. Even so, it’s critical to understand what security tasks […]


Detect Spectre and Meltdown Vulnerabilities with InSpec

Earlier this month, Google Project Zero announced several security vulnerabilities in many modern processors, commonly referred to by the names Spectre and Meltdown. These vulnerabilities arise from the exploitation of performance optimizations in modern CPUs, features known as branch prediction and speculative execution. You can read more about these hardware vulnerabilities at the Spectre Attack […]


Improvements for Windows and InSpec

We are proud to announce some major improvements recently implemented in InSpec. Jerry Aldrich and I, two members of Chef’s InSpec Engineering team, have added two features which considerably improve performance when used with the Windows platform. Backend Caching Improvements: First, we have added backend caching for commands. This change enables InSpec to cache the […]
