Blog

The xz backdoor was a vulnerability in XZ Utils, a popular data compression library. The xz backdoor could let unauthorized users gain admin-level access to systems, endangering data security and much more. Read on to learn more about the xz backdoor, where it came from, and how to minimize the impact of software vulnerabilities in your systems.

We are committed to maintaining the highest standards of security — here's how we further strengthened our security practices thanks to valuable input from an independent security researcher.

VM configuration gets a virtual machine (VM) ready for use with CPU, RAM, software & more. Here's how to automate complex VM configuration management at scale.

The consequences of not patching are everywhere: remember the Log4j vulnerability that grants hackers complete access to your devices? The best way to prevent this from happening is to use a patched version of Log4j — so why did this become a catastrophic and prolific security vulnerability event?

Observability provides crucial insights to an IT system & its components. Agent-based automation makes sure observability tools don't run into scaling problems.

Keep hackers at bay and pass your next audit without hassle — here’s why you need continuous compliance and risk management.

Conducting impact analysis for your infrastructure code can help you make better decisions, avoid unexpected effects, and take on the right level of risk with each code deployment.

The AWS OpsWorks Puppet Enterprise integration was a fully managed service to help you accelerate your migration to the cloud. AWS OpsWorks for Puppet Enterprise end-of-life (EOL) was March 31, 2024. Find out what to do next and discover options for your Puppet-managed infrastructure.

CIS Benchmarks are important for security and compliance. In this blog, you'll get an overview, plus learn how to enforce CIS Benchmarks with Puppet.

Learn about the intersection of security and productivity with Platform Engineering best practices, all while strengthening your data security and privacy efforts.

DISA STIGs outline system security recommendations for DoD contractors, and they're a heavy lift for any DevSecOps team. In this blog, learn how Puppet Enterprise and Security Compliance Enforcement premium features can help you cut down on the time it takes to configure and maintain DISA STIG compliance.

Are you staying on top of security in the cloud? Explore tactics and tips for privacy and data security, common challenges, and so much more.