tag:blogger.com,1999:blog-72107465677971437402024-03-20T22:24:07.433-04:00Meera's BlogThis blog is all about my work, which is my passion. In other words, its all about Java, JEE, .NET, Software Security, book reviews, my articles, and much more.Meera Subbaraohttp://www.blogger.com/profile/09765012286550438202noreply@blogger.comBlogger144125tag:blogger.com,1999:blog-7210746567797143740.post-10571091580960832092018-10-13T13:16:00.005-04:002018-10-13T13:16:39.370-04:00Speaking at DevOps World | Jenkins World Nice, France October 24th 2018To make oneself aware of what you are getting into, you are asked to read the terms, conditions, restrictions, etc etc of any document, email so you don't miss the fine print. I was caught in one such email where I missed reading the fine print. Lucky me, I didn't get into trouble for not reading the fine print, but hit a jack pot. Yes, super excited now that I will be speaking at the DevOps Meera Subbaraohttp://www.blogger.com/profile/09765012286550438202noreply@blogger.com1tag:blogger.com,1999:blog-7210746567797143740.post-19657165300269193532018-07-19T15:00:00.002-04:002018-07-19T15:00:20.355-04:00Consider cross-trained mentorsI am glad Carla picked my Mentoring quote for this article. I myself have seen the benefits of being a mentee and a Mentor.
https://enterprisersproject.com/article/2018/7/7-ways-foster-culture-learning-itMeera Subbaraohttp://www.blogger.com/profile/09765012286550438202noreply@blogger.com0tag:blogger.com,1999:blog-7210746567797143740.post-29666908110048815412018-07-15T19:04:00.001-04:002018-07-15T19:04:31.012-04:00My articles on Synopsys BlogSharing a common link which has all the articles I have written for Synopsys on CI/CD, DevSecOps and a few other topics I deeply care about.
https://www.synopsys.com/blogs/software-security/author/msubbarao/
Meera Subbaraohttp://www.blogger.com/profile/09765012286550438202noreply@blogger.com0tag:blogger.com,1999:blog-7210746567797143740.post-63407414056687421542018-07-15T19:02:00.000-04:002018-07-15T19:02:07.321-04:00Common security challenges in CI/CD workflowsWhat are the common security challenges in CI/CD workflows? I wrote a blog to answers these questions here: https://lnkd.in/dmPjZwx … Subscribe to our blog to stay up-to-date with all things #CICD.Meera Subbaraohttp://www.blogger.com/profile/09765012286550438202noreply@blogger.com0tag:blogger.com,1999:blog-7210746567797143740.post-10413853363313827002018-06-13T08:16:00.001-04:002018-06-13T08:16:05.704-04:00Research-backed perspectives on the state of DevSecOps.
My article live today on SC Magazine UK edition. Take a look at your leisure - Research-backed perspectives on the state of DevSecOps.
And the link: https://www.scmagazineuk.com/research-backed-perspectives-on-the-state-of-devsecops/article/767217/
Meera Subbaraohttp://www.blogger.com/profile/09765012286550438202noreply@blogger.com0tag:blogger.com,1999:blog-7210746567797143740.post-2932735543464177572018-05-11T10:40:00.000-04:002018-05-11T10:40:01.076-04:00How to integrate SAST into the DevSecOps pipeline in 5 simple stepsTime and again, clients have asked me how to integrate SAST tools into their DevSecOps pipeline. They ask key questions like these:
How do I manage false positives?
How do I triage the results?
What happens to new issues identified?
My scan takes 4–5 hours to complete. How can I use this tool in my DevSecOps pipeline?
What do you mean by “baseline scan”?
Having a decade long experience inMeera Subbaraohttp://www.blogger.com/profile/09765012286550438202noreply@blogger.com0tag:blogger.com,1999:blog-7210746567797143740.post-50245911692820590992018-04-11T05:37:00.001-04:002018-04-11T05:37:29.790-04:00Speaking at DevOpsDaysRox, Denver
Attending @DevOpsDaysRox? Come listen to my presentation "Know Your Enemy, And Yourself: Demystifying Threat Modeling.
http://okt.to/ZDQ2dC
Meera Subbaraohttp://www.blogger.com/profile/09765012286550438202noreply@blogger.com0tag:blogger.com,1999:blog-7210746567797143740.post-39834994825986320772018-04-10T14:03:00.003-04:002018-04-10T14:04:42.246-04:00USA Today Article - Harnessing the Power of Women in Technology USA Today recently featured three Synopsys engineers, who reflect on their experiences as women in tech and offer advice on carving out success in a male-dominated field. I am honored and humbled to be one of them. Link here: https://lnkd.in/ddaqkBr
Meera Subbaraohttp://www.blogger.com/profile/09765012286550438202noreply@blogger.com0tag:blogger.com,1999:blog-7210746567797143740.post-41549982091782602042018-03-06T14:46:00.003-05:002018-03-06T14:47:58.540-05:00#ContinuousSecurityHas continuous security arrived with the rise of rapid development? @TechBeaconCom talks to @synopsys' @MeeraRRao(that's me) about the increased number of orgs using developers to do #SwSec testing. Read more: http://okt.to/vzpPs6 #Cybersecurity #AppSecMeera Subbaraohttp://www.blogger.com/profile/09765012286550438202noreply@blogger.com0tag:blogger.com,1999:blog-7210746567797143740.post-12183373960854894402018-02-22T09:54:00.001-05:002018-02-22T09:54:42.221-05:00#MentorHerHere is my story in support of the #MentorHer movement illustrating how two of my Mentors Girish and Kabir encouraged me to dream big and empowered me to achieve my goals. Have a read! #MentorHer
https://www.synopsys.com/blogs/software-security/mentorher/
Meera Subbaraohttp://www.blogger.com/profile/09765012286550438202noreply@blogger.com0tag:blogger.com,1999:blog-7210746567797143740.post-37855039990797612692018-02-14T14:17:00.001-05:002018-02-14T14:17:29.105-05:00Women In DevOps: Meera Subbarao
Women in DevOps, DevOps Queen, Leader in DevOps - lots of new titles. Was a very long tough journey to get here, but well worth it. Hope I can inspire many more women and men alike. Take a look at the interview cloudbees did. #hardworkspays And love the line I said " I hope I have helped break the glass ceiling for women in DevOps."
And here is the link for the article itself:
Women in Meera Subbaraohttp://www.blogger.com/profile/09765012286550438202noreply@blogger.com0tag:blogger.com,1999:blog-7210746567797143740.post-42388576306790567472017-11-24T08:32:00.003-05:002017-11-24T08:35:38.079-05:00Press Commentary to SC Magazine UKI gave a press commentary earlier this week on web application security, and how the landscape has changed. Davey Winder has used some of my comments in his piece, which went live this morning. The article is called "
OWASP vulnerability chart suggests web app devs are not smelling the security coffee"
The article link is attached below:
https://www.scmagazineuk.com/Meera Subbaraohttp://www.blogger.com/profile/09765012286550438202noreply@blogger.com0tag:blogger.com,1999:blog-7210746567797143740.post-76253994813994566202017-10-08T20:34:00.003-04:002017-10-08T20:34:34.597-04:00Building application security in from start to finish - SD Times ArticleI was interviewed by SD times website. Attached is the link for the interview posted on October 1st 2017.
http://sdtimes.com/building-application-security-start-finish/Meera Subbaraohttp://www.blogger.com/profile/09765012286550438202noreply@blogger.com0tag:blogger.com,1999:blog-7210746567797143740.post-66208246085014299762017-09-08T13:35:00.001-04:002017-09-08T13:35:24.278-04:00Search Files and Copy to a FolderIt has been a herculean task creating, updating Visio since I got a Windows Virtual Machine from my company for my Mac. Sharing folders, the virtual machine crashing, copying back and forth, and the numerous folders I had were making things even worse.
So, I decided to keep all windows specific files in one single folder so it would be easy to share those specific folders and manage them. When IMeera Subbaraohttp://www.blogger.com/profile/09765012286550438202noreply@blogger.com0tag:blogger.com,1999:blog-7210746567797143740.post-25811117066590557692017-07-07T15:49:00.002-04:002017-07-07T15:49:06.550-04:00Building your DevSecOps pipeline: 5 Essential Activities
Published an article on building your #DevSecOps pipeline: 5 essential activities http://bit.ly/2tWJU1G on my company's blog. Read at your leisure, share your thoughts.Meera Subbaraohttp://www.blogger.com/profile/09765012286550438202noreply@blogger.com0tag:blogger.com,1999:blog-7210746567797143740.post-85808417325679461152017-05-23T08:24:00.000-04:002017-05-23T08:28:36.585-04:00Software Test Professionals Fall Conference 2017, September 26 – 29I will be speaking in the Software Test Professionals Fall Conference 2017, September 26 – 29, held in the DC Metro Area on Risk Based Security Testing. It is a 60 minute session.
Below is the link to my speaker page.
Speaker - Meera
And the link to the conference page:
STP ConferenceMeera Subbaraohttp://www.blogger.com/profile/09765012286550438202noreply@blogger.com0tag:blogger.com,1999:blog-7210746567797143740.post-35830894602394327072017-05-19T17:01:00.003-04:002017-05-19T17:01:25.988-04:00Building security into the DevOps life cycleA new eBook I wrote for my company has just been published. Download a copy from the company website.
The primary goal when breaking the build in the CI/CD DevOps life cycle is to treat security issues with the same level of importance as quality and business requirements. If quality or security tests fail, the continuous integration server breaks the build.
When the build breaks, the CI/CDMeera Subbaraohttp://www.blogger.com/profile/09765012286550438202noreply@blogger.com0tag:blogger.com,1999:blog-7210746567797143740.post-9008565590799255712017-03-10T09:29:00.000-05:002017-03-10T09:29:13.085-05:00New Apache Struts 2 Zero-Day Vulnerability: What You Need to KnowSynopsys just published an article about the critical Struts 2 vulnerability. Read to know how to mitigate the same.
https://blogs.synopsys.com/software-integrity/2017/03/10/apache-struts2-zero-day-vulnerability/
Meera Subbaraohttp://www.blogger.com/profile/09765012286550438202noreply@blogger.com1tag:blogger.com,1999:blog-7210746567797143740.post-77028968553996859952017-03-08T12:11:00.004-05:002017-03-08T12:11:35.923-05:00#BeBoldForChange on International Women’s Day 2017And here is the one I wrote for my company Synopsys.
https://blogs.synopsys.com/software-integrity/2017/03/08/beboldforchange-international-womens-day-2017/
Read at your leisure!Meera Subbaraohttp://www.blogger.com/profile/09765012286550438202noreply@blogger.com0tag:blogger.com,1999:blog-7210746567797143740.post-79912039056142612962017-03-08T09:49:00.003-05:002017-03-08T09:49:22.117-05:00#BeBoldForChange
Today is International Women's day. The UN theme for 2017 is
Empowering Women: Empowering Humanity #BeBoldForChange. What better way to
celebrate it than by writing a blog post about breaking the stereotype messages
we hear all the time?
I am bold and strong being a woman.
I am bold and fierce being a Senior Principal Consultant in
the Security Consulting world, which is dominated by Men.
IMeera Subbaraohttp://www.blogger.com/profile/09765012286550438202noreply@blogger.com0tag:blogger.com,1999:blog-7210746567797143740.post-73680225991431172792017-03-06T12:58:00.001-05:002017-03-08T15:19:25.835-05:00Speaking at We RISE Women in Tech ConferenceMy talk has been selected for We RISE Women in Tech Conference. The conference is on June 23rd Friday and June 24th Saturday at Atlanta, GA 30303.
You can find details about the conference and the venue at the link below:
We Rise Women in Tech ConferenceMeera Subbaraohttp://www.blogger.com/profile/09765012286550438202noreply@blogger.com0tag:blogger.com,1999:blog-7210746567797143740.post-88627680504166041032016-08-01T17:22:00.001-04:002016-08-01T17:22:53.482-04:00Why it's time for a new approach to agile security Q&A with @MeeraSRao via @BetaNews I did a Q&A with BetaNews about "Why it's time for a new approach to agile security Q&A".
Take a look at the same at the following link:
Link for Q&AMeera Subbaraohttp://www.blogger.com/profile/09765012286550438202noreply@blogger.com0tag:blogger.com,1999:blog-7210746567797143740.post-5643758022104526752016-08-01T17:19:00.001-04:002016-08-01T17:19:17.688-04:00Defensive Programming for JavaEE Web Applications - Workshop in Kerala 18-Aug-2016If you are in or around Kerala, come join me for a day long workshop on "
Defensive Programming for JavaEE Web Applications".
You can find all details about the workshop on the conference page located here:
http://is-ra.org/c0c0n/workshops#WS1Meera Subbaraohttp://www.blogger.com/profile/09765012286550438202noreply@blogger.com0tag:blogger.com,1999:blog-7210746567797143740.post-52860882347473053612016-07-11T23:27:00.002-04:002016-07-11T23:27:14.263-04:00Overcoming the 6 Most Common Threat Modeling Misconceptions
Threat modeling promotes the idea of thinking like an attacker. It enables organizations to build software with security considerations, rather than addressing security as an afterthought. However, there are some very common misconceptions that can cause firms to lose their grip around the threat modeling process. This eBook shines a bright light onto the essentials and helps to get your Meera Subbaraohttp://www.blogger.com/profile/09765012286550438202noreply@blogger.com0tag:blogger.com,1999:blog-7210746567797143740.post-90697559129547365382016-06-15T07:43:00.002-04:002016-06-15T07:45:20.538-04:00How to Build Security Into Your Software Development ProcessAn amazing ebook. Download and let us know your thoughts!
To standardize the software development life cycle (SDLC), organizations implement development methodologies to fulfill their objectives in a way that best suits their organizational goals. Whether you use Agile, Waterfall, or something in between, building security into your SDLC can improve efficiency and reduce costs if it’s done Meera Subbaraohttp://www.blogger.com/profile/09765012286550438202noreply@blogger.com1