Secure software development insights from The Linux Foundation
Monday, February 5, 2024 by Richard Harris
The Linux Foundation published a new report, Maintainer Perspectives on Open Source Software Security, based on a survey of OSS maintainers and core contributors, to understand perspectives on OSS security and the uptake and adoption of security best practices by maintainers, core contributors, end users, and other members of the OSS ecosystem.
Maintainer Perspective...
Open Bug Bounty has fixed 1 million vulnerabilities
Monday, November 7, 2022 by Brittany Hainzinger
Open Bug Bounty is an open, disintermediated, cost-free, and community-driven Bug Bounty platform for coordinated, responsible, and ISO 29147 compatible vulnerability disclosure. It passed the milestone on 27 October of fixing over 1,000,000 web security vulnerabilities.
The Open Bug Bounty project enables website owners to receive advice and support from&n...
ImmuniWeb Neuron web security scanning
Friday, June 10, 2022 by Richard Harris
ImmuniWeb has announced the launch of ImmuniWeb Neuron, a web application and API web security scanning solution that is based on the award-winning ImmuniWeb AI Platform available.
ImmuniWeb Neuron is designed to rapidly scan tens, hundreds, or even thousands of web applications and APIs for vulnerabilities, weaknesses, and misconfigurations. It c...
DevOps predictions for 2022
Wednesday, January 19, 2022 by Richard Harris
Yoav Landman, Co-Founder, and CTO of JFrog created Artifactory after 7 years as a senior consultant with AlphaCSP. He has held several senior technical roles with Attunity, Verve, and Sausage. Yoav holds a Master of Computing degree from RMIT University and a BA in Law (LLB) from Haifa University.
Low-Code/No-Code, Metaverse, and DevOps predictions for 2022
Landma...
App modernization in 2022
Monday, January 10, 2022 by Brittany Hainzinger
Ajay Patel is the General Manager for VMware’s Modern Applications & Management Business with the mission to be the leader in application modernization, cloud-native application development, and multi-cloud management through VMware Tanzu and vRealize portfolio.
Ajay has over 30 years of enterprise software expertise. Ajay previously served as the Treasurer...
Increase developer productivity in 2022
Sunday, January 9, 2022 by Freeman Lightner
Patrick Jean is the CTO at OutSystems, where he's focused on building a great engineering culture where motivated people are free to unleash their passion doing meaningful work. With more than 20 years of engineering leadership experience, he has led multiple high-stakes, cloud transformation initiatives at SaaS providers, blending customer focus, inspired developme...
Cloud provider trends in 2022
Thursday, January 6, 2022 by Brittany Hainzinger
Amir Rapson co-founded vFunction and serves as its CTO, overseeing technology, product, and engineering. Prior to co-founding vFunction in 2017, Amir was GM and VP R&D at WatchDox until its acquisition by Blackberry, where Amir served as a VP of R&D. Prior to WatchDox, Amir held R&D positions at CTERA Networks and at SofaWare (Acquired by Check Point). Amir ...
Cloud and cyber asset management trends for 2022
Thursday, January 6, 2022 by Richard Harris
Companies have been racing to mature their technologies and pursue digital transformations in the last few years, as a way to gain or maintain competitive advantage and resilience. This has led to an emerging area of focus: cyber asset management. Organizations are now taking inventory of their IT infrastructure and prioritizing more agile cyber asset management process...
Software industry predictions in 2022 from Infragistics
Tuesday, January 4, 2022 by Richard Harris
The Infragistics experts Jason Beres, Tobias Komischke, and Dean Guida share their 2022 software industry predictions about Low-Code/No-Code, App Builders, Big Data/Embedded Analytics, UI/UX Design, Data Catalogs, and Digital Transformations.
“The biggest DevOps trend for 2022 will be low-code no-code tools that save developers time and money. Rather than being...
5G 2022 predictions from EdgeQ
Tuesday, January 4, 2022 by Richard Harris
Vinay Ravuri, CEO at EdgeQ shares his predictions for 2022 about the cloudification of 5G, the death of Moore's law, 5G & AI convergence, and more.
5G will become an essential utility and assumed “natural resource” of infrastructure. Supplying the digital “pipeline” and harnessing data currency will become a focal point of national sec...
App security testing platform lands from Oxeye
Monday, January 3, 2022 by Freeman Lightner
Oxeye announced the company’s Cloud-Native Application Security Testing Platform (CNAST). The new platform identifies code vulnerabilities, open-source vulnerabilities, and secrets to highlight the most critical issues in the software development lifecycle, delivering clear guidance for fast and accurate remediation.
App security testing platform CNAST
Accor...
Oxeye closes a $5.3 Million seed financing round
Thursday, November 4, 2021 by Brittany Hainzinger
Oxeye announced the closing of a $5.3 Million seed financing round led by MoreVC, a seed-stage venture capital fund in Israel. The latest round includes support from i3 Equity Partners, and other cybersecurity focused investors as the company prepares to protect the world’s most popular Web applications with next-generation cloud-native Application Security Testin...
Not all security vulnerabilities are created equal
Tuesday, May 25, 2021 by Jack Mannino
Applications are the heart of employee and user productivity. There are billions of applications each with a specific function, value and, unfortunately, they also provide one of the easiest openings for cybercriminals and hackers to gain access to critical IT infrastructure and information assets. While most IT security professionals implicitly understand the concept o...
Six areas of focus for continuous security
Friday, April 16, 2021 by Jack Mannino
Applications are the heart of employee and user productivity. There are billions of applications each with a specific function and value and, unfortunately, they also provide one of the easiest openings for cyber criminals and hackers to gain access to critical IT infrastructure and information assets. While most IT security professionals implicitly understand the conce...
Docker desktop for Mac is now available from Docker Inc
Thursday, April 15, 2021 by Brittany Hainzinger
Docker, Inc.™ announced general availability of its much-anticipated Docker Desktop for Mac, enabling developers to leverage the advantages of the latest Macs powered by the M1 chip and extending the reach of their Docker collaborative application development platform to a new architecture.
“This is great news for the many developers who have been clamori...
Sonatype implements Applitools to ensure app quality
Friday, March 12, 2021 by Brittany Hainzinger
Sonatype was in search of a solution to prevent visual bugs across the variety of operating systems and browsers supported by the Nexus platform.
After implementing Applitools, the engineering team can solely focus on delivering value, while Applitools uncovers countless unexpected changes before code ever leaves development.
Moving forward, Sonatype will deploy a...
Hybrid cloud services general availability announced by IBM
Tuesday, March 2, 2021 by Brittany Hainzinger
IBM announced that its hybrid cloud services are now generally available in any environment -- on any cloud, on premises or at the edge -- via IBM Cloud Satellite. Lumen Technologies and IBM have integrated IBM Cloud Satellite with the Lumen edge platform to enable clients to harness hybrid cloud services in near real-time and build innovative solutions at the edge.
...
LinearB and Clubhouse partner to help software project delivery
Tuesday, February 16, 2021 by Richard Harris
LinearB and Clubhouse announced a partnership to help software development teams continuously improve project delivery by providing a complete picture of product and engineering lifecycles. Technical integration between the products will offer dev teams detailed project visibility and team-based metrics by correlating data across projects, code, Git activity and release...
Improving security posture with static application security testing
Friday, February 12, 2021 by Tim Jarrett
Amid the worldwide pursuit of digital transformation, the software has seen a meteoric rise, and application security has become paramount. As more companies become software-centric, they publish more applications, increasing the risk vulnerable code will be released. To help reduce this risk, static application security testing (SAST) can help dev teams find and fix we...
GitLab acquires Peach Tech and Fuzzit
Friday, June 12, 2020 by Brittany Hainzinger
GitLab announced it has acquired Peach Tech and Fuzzit. These acquisitions will add fully-mature testing solutions including protocol fuzzing, API fuzzing, DAST API testing, and coverage-guided fuzz testing. This makes GitLab’s DevSecOps offering the first security solution to offer both coverage-guided and behavioral fuzz testing techniques as well as the fi...
DevSecOps 7th annual Community Survey results
Wednesday, April 15, 2020 by Brittany Hainzinger
Sonatype published findings from its seventh annual DevSecOps Community Survey, based on responses from 5,045 software engineering professionals. The survey, developed and conducted in partnership with Carnegie Mellon’s Software Engineering Institute, CloudBees, DevOps Institute, DevOps.com, DevSecOps Days, NowSecure, Security Boulevard, Verica, and All Day DevOps...
Improve DevOps processes with API catalog
Thursday, March 26, 2020 by Richard Harris
One of the biggest trends in DevOps is the “shift left” approach when it comes to security, so much so that security conferences now host developer days, developer conferences host security days, and the two have melded into DevSecOps. But pragmatically, how do you implement security earlier into your development cycles? According to CloudVector VP of Engine...
Justin Dolly becomes Chief Security Officer at Sauce Labs
Wednesday, February 12, 2020 by Brittany Hainzinger
Sauce Labs Inc. announced the appointment of Justin Dolly as chief security officer. A security industry veteran with more than 20 years of experience, Dolly will develop, implement, and enforce the company’s long-term security strategy, ensuring its customers have the highest level of protection to support their digital goals. The hiring of Dolly follows the rece...
API contracts at the heart of security in 42Crunch release
Thursday, August 8, 2019 by Christian Hargrave
42Crunch, the creator of the industry's first API Firewall has released the API security platform with enhanced tools for developers to easily define security in OpenAPI contracts, enabling an agile DevSecOps experience, and providing full visibility into each individual API's security landscape. API security is complex and becomes a bottleneck wh...
DJI's Manifold 2 can make drones autonomous robots
Monday, June 3, 2019 by Richard Harris
DJI announced Manifold 2, an ultra-compact onboard supercomputer for DJI drones that enables the next-generation of autonomous aerial robotics solutions. With the additional compute capability of Manifold 2, users can process complex image data onboard the drone and get results immediately and can program drones to fly autonomously while identifying objects and avoiding...
Acronis gives developers early access to new cyber platform
Monday, April 29, 2019 by Brittany Hainzinger
Acronis announced the opening of its core platforms, enabling broad, third-party developer access to the Acronis Cyber Platform to encourage expanded functionality and application integrations while expanding their opportunities in Acronis’ large ecosystem.
The Acronis Cyber Platform, which is the foundation of the company’s existing services, features a ...
Low code pros and cons
Wednesday, April 17, 2019 by Richard Harris
If you are a coder - someone who can actually write source code for software development, you are probably tired of the constant barrage of emails from head-hunters wanting to snipe you from your current position. You are in demand my friend, very high demand in fact, and there is no sign of it slowing down. Developers are needed in every sector of the IT industry, but ...
API security testing just got easier with 42Crunch's new scanner
Thursday, March 21, 2019 by Richard Harris
42Crunch officially released the 42Crunch API Platform, an API security cloud platform to discover vulnerabilities in APIs and protect them from attack. The 42Crunch Platform can protect SaaS, Web, or IoT APIs, as well as microservices.
This follows the launch of the free API Contract Security Audit tool at APISecurity.io earlier this month. The tool helps API d...
Just Commit says GitLab
Thursday, March 7, 2019 by Richard Harris
Nike’s “Just Do It” campaign has inspired athletes since 1988. Now, in 2019, GitLab draws on that mantra to motivate developers and create a lead employees to success. This year marks DevOps’ 10-year anniversary, and over the past 10 years the approach to the industry and culture has continued to change. However, one thing remains the same - you ...
IAST supports AppSec efficiencies while cutting costs and headaches
Monday, November 26, 2018 by Asma Zubair
It’s easy to feel passionate about interactive application security testing (IAST) in the world of application security. You see, IAST makes security testing almost invisible. It’s not something that requires a highly trained team to be brought in to carry out and analyze testing results. It doesn’t hold up other teams or processes from moving forward....
How the reddit security breach reminds us to be careful
Monday, August 6, 2018 by Christian Hargrave
reddit recently disclosed in their announcements feed of a security breach into their system which the hacker "managed to access some user data, including some current email addresses and a 2007 database backup containing old salted and hashed passwords." Include in the disclosed information was some reddit source code and some log files.
They went on to sa...
What some experts are saying about GDPR
Friday, May 18, 2018 by Christian Hargrave
The GDPR bill is causing an uproar in the industry as the compliance date comes ever nearer. Yet few can say they actually know much about the bill that will come into place on May 25th.GDPR, or the General Data Protection Regulation, is an expansion upon the EU’s previous Data Protection Act of 1998, extending the boundary of its territorial mandate from whatever juris...
Enterprises need a software security program
Tuesday, January 30, 2018 by Sammy Migues
The answer to the “why” enterprises need a software security program question is pretty straightforward. There are no circumstances under which any but the smallest firms can expect a collection of independent activities - a pen test here, an hour of training there, some free tools that may or may not work as advertised - will consistently result in appropriately secure...
Most cryptocurrency mobile apps are vulnerable
Thursday, November 30, 2017 by Christian Hargrave
Over 1,300 crypto currencies exist today with over $300 Billion market capitalization. One of the most popular and oldest cryptocurrency - Bitcoin has almost reached $10,000 price after several months of fluctuation, but continuous and steady growth.A wide spectrum of mobile applications for cryptocurrencies were released during the last few years by various startups, i...
Rethinking DevOps as DevSecOps
Thursday, October 12, 2017 by Akshay Aggarwal
If you’re not already thinking right now that your DevOps teams should be run like a DevSecOps team, you may already be in a world of hurt. Time to wake up! As the adoption of APIs continues to grow, so do the risks to organizations that don’t actively test the security of their solutions. Modern Agile development frameworks have changed the way engineering teams produc...
