Secure software development insights from The Linux Foundation
Monday, February 5, 2024 by Richard Harris
The Linux Foundation published a new report, Maintainer Perspectives on Open Source Software Security, based on a survey of OSS maintainers and core contributors, to understand perspectives on OSS security and the uptake and adoption of security best practices by maintainers, core contributors, end users, and other members of the OSS ecosystem.
Maintainer Perspective...
Open Bug Bounty has fixed 1 million vulnerabilities
Monday, November 7, 2022 by Brittany Hainzinger
Open Bug Bounty is an open, disintermediated, cost-free, and community-driven Bug Bounty platform for coordinated, responsible, and ISO 29147 compatible vulnerability disclosure. It passed the milestone on 27 October of fixing over 1,000,000 web security vulnerabilities.
The Open Bug Bounty project enables website owners to receive advice and support from&n...
ImmuniWeb Neuron web security scanning
Friday, June 10, 2022 by Richard Harris
ImmuniWeb has announced the launch of ImmuniWeb Neuron, a web application and API web security scanning solution that is based on the award-winning ImmuniWeb AI Platform available.
ImmuniWeb Neuron is designed to rapidly scan tens, hundreds, or even thousands of web applications and APIs for vulnerabilities, weaknesses, and misconfigurations. It c...
App modernization in 2022
Monday, January 10, 2022 by Brittany Hainzinger
Ajay Patel is the General Manager for VMware’s Modern Applications & Management Business with the mission to be the leader in application modernization, cloud-native application development, and multi-cloud management through VMware Tanzu and vRealize portfolio.
Ajay has over 30 years of enterprise software expertise. Ajay previously served as the Treasurer...
Increase developer productivity in 2022
Sunday, January 9, 2022 by Freeman Lightner
Patrick Jean is the CTO at OutSystems, where he's focused on building a great engineering culture where motivated people are free to unleash their passion doing meaningful work. With more than 20 years of engineering leadership experience, he has led multiple high-stakes, cloud transformation initiatives at SaaS providers, blending customer focus, inspired developme...
Cloud provider trends in 2022
Thursday, January 6, 2022 by Brittany Hainzinger
Amir Rapson co-founded vFunction and serves as its CTO, overseeing technology, product, and engineering. Prior to co-founding vFunction in 2017, Amir was GM and VP R&D at WatchDox until its acquisition by Blackberry, where Amir served as a VP of R&D. Prior to WatchDox, Amir held R&D positions at CTERA Networks and at SofaWare (Acquired by Check Point). Amir ...
Cloud and cyber asset management trends for 2022
Thursday, January 6, 2022 by Richard Harris
Companies have been racing to mature their technologies and pursue digital transformations in the last few years, as a way to gain or maintain competitive advantage and resilience. This has led to an emerging area of focus: cyber asset management. Organizations are now taking inventory of their IT infrastructure and prioritizing more agile cyber asset management process...
Software industry predictions in 2022 from Infragistics
Tuesday, January 4, 2022 by Richard Harris
The Infragistics experts Jason Beres, Tobias Komischke, and Dean Guida share their 2022 software industry predictions about Low-Code/No-Code, App Builders, Big Data/Embedded Analytics, UI/UX Design, Data Catalogs, and Digital Transformations.
“The biggest DevOps trend for 2022 will be low-code no-code tools that save developers time and money. Rather than being...
5G 2022 predictions from EdgeQ
Tuesday, January 4, 2022 by Richard Harris
Vinay Ravuri, CEO at EdgeQ shares his predictions for 2022 about the cloudification of 5G, the death of Moore's law, 5G & AI convergence, and more.
5G will become an essential utility and assumed “natural resource” of infrastructure. Supplying the digital “pipeline” and harnessing data currency will become a focal point of national sec...
App security testing platform lands from Oxeye
Monday, January 3, 2022 by Freeman Lightner
Oxeye announced the company’s Cloud-Native Application Security Testing Platform (CNAST). The new platform identifies code vulnerabilities, open-source vulnerabilities, and secrets to highlight the most critical issues in the software development lifecycle, delivering clear guidance for fast and accurate remediation.
App security testing platform CNAST
Accor...
Oxeye closes a $5.3 Million seed financing round
Thursday, November 4, 2021 by Brittany Hainzinger
Oxeye announced the closing of a $5.3 Million seed financing round led by MoreVC, a seed-stage venture capital fund in Israel. The latest round includes support from i3 Equity Partners, and other cybersecurity focused investors as the company prepares to protect the world’s most popular Web applications with next-generation cloud-native Application Security Testin...
Docker desktop for Mac is now available from Docker Inc
Thursday, April 15, 2021 by Brittany Hainzinger
Docker, Inc.™ announced general availability of its much-anticipated Docker Desktop for Mac, enabling developers to leverage the advantages of the latest Macs powered by the M1 chip and extending the reach of their Docker collaborative application development platform to a new architecture.
“This is great news for the many developers who have been clamori...
Sonatype implements Applitools to ensure app quality
Friday, March 12, 2021 by Brittany Hainzinger
Sonatype was in search of a solution to prevent visual bugs across the variety of operating systems and browsers supported by the Nexus platform.
After implementing Applitools, the engineering team can solely focus on delivering value, while Applitools uncovers countless unexpected changes before code ever leaves development.
Moving forward, Sonatype will deploy a...
Hybrid cloud services general availability announced by IBM
Tuesday, March 2, 2021 by Brittany Hainzinger
IBM announced that its hybrid cloud services are now generally available in any environment -- on any cloud, on premises or at the edge -- via IBM Cloud Satellite. Lumen Technologies and IBM have integrated IBM Cloud Satellite with the Lumen edge platform to enable clients to harness hybrid cloud services in near real-time and build innovative solutions at the edge.
...
LinearB and Clubhouse partner to help software project delivery
Tuesday, February 16, 2021 by Richard Harris
LinearB and Clubhouse announced a partnership to help software development teams continuously improve project delivery by providing a complete picture of product and engineering lifecycles. Technical integration between the products will offer dev teams detailed project visibility and team-based metrics by correlating data across projects, code, Git activity and release...
Improving security posture with static application security testing
Friday, February 12, 2021 by Tim Jarrett
Amid the worldwide pursuit of digital transformation, the software has seen a meteoric rise, and application security has become paramount. As more companies become software-centric, they publish more applications, increasing the risk vulnerable code will be released. To help reduce this risk, static application security testing (SAST) can help dev teams find and fix we...
GitLab acquires Peach Tech and Fuzzit
Friday, June 12, 2020 by Brittany Hainzinger
GitLab announced it has acquired Peach Tech and Fuzzit. These acquisitions will add fully-mature testing solutions including protocol fuzzing, API fuzzing, DAST API testing, and coverage-guided fuzz testing. This makes GitLab’s DevSecOps offering the first security solution to offer both coverage-guided and behavioral fuzz testing techniques as well as the fi...
Improve DevOps processes with API catalog
Thursday, March 26, 2020 by Richard Harris
One of the biggest trends in DevOps is the “shift left” approach when it comes to security, so much so that security conferences now host developer days, developer conferences host security days, and the two have melded into DevSecOps. But pragmatically, how do you implement security earlier into your development cycles? According to CloudVector VP of Engine...
IAST supports AppSec efficiencies while cutting costs and headaches
Monday, November 26, 2018 by Asma Zubair
It’s easy to feel passionate about interactive application security testing (IAST) in the world of application security. You see, IAST makes security testing almost invisible. It’s not something that requires a highly trained team to be brought in to carry out and analyze testing results. It doesn’t hold up other teams or processes from moving forward....
What some experts are saying about GDPR
Friday, May 18, 2018 by Austin Harris
The GDPR bill is causing an uproar in the industry as the compliance date comes ever nearer. Yet few can say they actually know much about the bill that will come into place on May 25th.GDPR, or the General Data Protection Regulation, is an expansion upon the EU’s previous Data Protection Act of 1998, extending the boundary of its territorial mandate from whatever juris...
Most cryptocurrency mobile apps are vulnerable
Thursday, November 30, 2017 by Austin Harris
Over 1,300 crypto currencies exist today with over $300 Billion market capitalization. One of the most popular and oldest cryptocurrency - Bitcoin has almost reached $10,000 price after several months of fluctuation, but continuous and steady growth.A wide spectrum of mobile applications for cryptocurrencies were released during the last few years by various startups, i...
Veracode announced two new key integrations
Friday, August 11, 2017 by Austin Harris
Veracode, a software security company acquired by CA Technologies, has announced the Veracode HPE Application Lifecycle Manager (ALM) Flaw Synchronizer Plug-in, which empowers development and QA/release engineers to fix security vulnerabilities early in the Software Development Lifecycle (SDLC). The company also announced an enhanced integration to the Veracode Applicat...
DevSecOps will help security and developers play nice
Thursday, June 15, 2017 by Richard Harris
Veracode, a security software company acquired by CA Technologies, has announced the results of a study examining the relationships between application developers and security teams.The study, conducted in conjunction with Enterprise Strategy Group (ESG), shows that despite the pervasive belief that security and development teams have conflicting priorities, initiatives...
ImmuniWeb Mobile launches to offer better mobile security testing
Wednesday, March 15, 2017 by Richard Harris
High-Tech Bridge announces the launch of ImmuniWeb Mobile as part of ImmuniWeb Application Security Testing Platform. The new offering will provide comprehensive assessment of iOS and Android mobile applications, mobile infrastructure backend and data channel encryption. All ImmuniWeb Mobile packages are provided with a zero false-positives SLA. The mobile application s...
Veracode sells to CA Technologies for $614M
Wednesday, March 8, 2017 by Austin Harris
CA Technologies announced it has signed a definitive agreement to acquire Veracode, a company that is securing web, mobile and third-party applications across the software development lifecycle, for approximately $614 million in cash. The transaction is expected to close in the first quarter of fiscal year 2018, and is subject to customary closing conditions, including ...
Checkmarx opens beta support for Scala programming language
Wednesday, February 1, 2017 by Richard Harris
Checkmarx, an application security testing company, has announced open beta support of the Scala programming language. The new capability adds the ability to analyze and remediate security risks and vulnerabilities exposed in projects written using Scala code.The added capability not only allows the detection of vulnerabilities within Scala code, but also the ability to...
New VS plugin from Checkmarx lets DevOps teams to rapidly embed security
Wednesday, November 16, 2016 by Austin Harris
Checkmarx just announced a new Checkmarx plugin for the Microsoft Visual Studio Team Services platform. The new Checkmarx (CxSAST) Microsoft Visual Studio Team Services Plugin allows organizations with agile development practices to embed security into their software development lifecycle (SDLC) without the delays traditionally caused by application security t...
Hewlett Packard Enterprise Introduces New Application Security Solutions
Monday, September 19, 2016 by Richard Harris
Hewlett Packard Enterprise (HPE) has introduced the HPE Fortify Ecosystem and Fortify on Demand (FoD) continuous application monitoring service. The online marketplace and service are designed to help organizations create secure applications by naturally integrating security testing processes and resources throughout the fast-paced software development lifecycle (SDLC)....
Checkmarx Tells Us Why App Developers Should Care About App Security
Thursday, August 18, 2016 by Richard Harris
We recently had a conversation with Emmanuel Benzaquen at Checkmarx to talk about how they are able to scrutinize code with a fine-toothed comb and find vulnerabilities early and why other developers need to be doing the same. With clients such as Coca-Cola, SAP, and Salesforce, they seem to be carving out a niche for application security in the crowded tech-s...
Synopsys Makes Updates to its Seeker Runtime Security Analysis Tool
Monday, August 8, 2016 by Richard Harris
Synopsys has released the latest version of its Seeker runtime security analysis solution. Seeker analyzes web application code and data flows at runtime using a technique known as an Interactive Application Security Testing (IAST), which detects and confirms exploitable security vulnerabilities and provides insight that allows developers to address their root causes. T...
Cloud Security Alliance Issues Mobile Application Security Testing Report
Monday, August 1, 2016 by Stuart Parkerson
The Cloud Security Alliance has released a new report surrounding its Mobile Application Security Testing Initiative. The purpose of the report is to provide the Alliance’s insight into building out a roadmap for establishing a more secure cloud ecosystem to protect mobile applications.The Alliance’s Mobile Application Security Testing (MAST) Initiative offers...
Application Security Market to Triple in the Next 5 Years
Wednesday, May 11, 2016 by Stuart Parkerson
A new market research report has been published by MarketsandMarkets which predicts that the global application security market size is expected to triple, growing from $2.24 Billion in 2016 to $6.77 Billion by 2021. The report is titled “Application Security Market by Component (Solutions, Services), Solutions (Web Application Security, Mobile Application Security), Te...
A Developer's Perspective on Mobile Security in the Age of BYOD
Thursday, March 31, 2016 by Joe Schulz
With the cost savings of BYOD continuing to lure organizations to adopt this approach, the number of companies allowing employee-owned devices is still on the rise, as well. In early 2015, Tech Pro Research announced that 74 percent of organizations either already allow or were planning to allow employees to bring their own devices to work. At the time of this writing, ...
One in Four Android Apps Have High Risk Security Flaws
Friday, February 12, 2016 by Stuart Parkerson
Mobile developers continue to battle security issues with their apps according to a new report by NowSecure. The annual report, 2016 NowSecure Mobile Security Report, provides insight into the current state of mobile security. According to the report a quarter of Android apps have at least one high risk security flaw, 35 percent of communications sent by mobile dev...
New Report Highlights Wide Ranging Cybersecurity Challenges
Wednesday, September 2, 2015 by Richard Harris
Cybersecurity Ventures has released its Cybersecurity Market Report for Q3 2015 which provides an overview of software development and application security trends, statistics, best practices, and resources. Highlights of the report include:- “The SANS Institute 2015 State of Application Security Report” states that many information security engineers don’t understa...
.jpg)
