Docker desktop for Mac is now available from Docker Inc
Thursday, April 15, 2021 by Brittany Hainzinger
Docker, Inc.™ announced general availability of its much-anticipated Docker Desktop for Mac, enabling developers to leverage the advantages of the latest Macs powered by the M1 chip and extending the reach of their Docker collaborative application development platform to a new architecture.
“This is great news for the many developers who have been clamori...
Sonatype implements Applitools to ensure app quality
Friday, March 12, 2021 by Brittany Hainzinger
Sonatype was in search of a solution to prevent visual bugs across the variety of operating systems and browsers supported by the Nexus platform.
After implementing Applitools, the engineering team can solely focus on delivering value, while Applitools uncovers countless unexpected changes before code ever leaves development.
Moving forward, Sonatype will deploy a...
Hybrid cloud services general availability announced by IBM
Tuesday, March 2, 2021 by Brittany Hainzinger
IBM announced that its hybrid cloud services are now generally available in any environment -- on any cloud, on premises or at the edge -- via IBM Cloud Satellite. Lumen Technologies and IBM have integrated IBM Cloud Satellite with the Lumen edge platform to enable clients to harness hybrid cloud services in near real-time and build innovative solutions at the edge.
CircleCI brings privacy enhancements for teams across the enterprise
Monday, February 22, 2021 by Brittany Hainzinger
CircleCI introduced new platform updates to increase the control, protection, privacy, and confidence of today’s engineering teams.
Business leaders are concerned with the growth of remote-only and its impact on security. In fact, research shows 28 percent of leaders in 2020 were anticipated to prioritize improving application security capabilities ...
LinearB and Clubhouse partner to help software project delivery
Tuesday, February 16, 2021 by Richard Harris
LinearB and Clubhouse announced a partnership to help software development teams continuously improve project delivery by providing a complete picture of product and engineering lifecycles. Technical integration between the products will offer dev teams detailed project visibility and team-based metrics by correlating data across projects, code, Git activity and release...
Improving security posture with static application security testing
Friday, February 12, 2021 by Tim Jarrett
Amid the worldwide pursuit of digital transformation, the software has seen a meteoric rise, and application security has become paramount. As more companies become software-centric, they publish more applications, increasing the risk vulnerable code will be released. To help reduce this risk, static application security testing (SAST) can help dev teams find and fix we...
5 mistakes businesses make in application development
Friday, October 23, 2020 by Mayur S Shah
5 Mistakes Businesses Make While Prioritizing Speed Over Security in Application Development
Earlier this year, the Democratic party in Iowa announced its plans to use a smartphone app to calculate and transmit their caucus results. One would think that by using technology to improve the speed of governance, what could possibly go wrong? A lot, apparently. The a...
GitLab acquires Peach Tech and Fuzzit
Friday, June 12, 2020 by Brittany Hainzinger
GitLab announced it has acquired Peach Tech and Fuzzit. These acquisitions will add fully-mature testing solutions including protocol fuzzing, API fuzzing, DAST API testing, and coverage-guided fuzz testing. This makes GitLab’s DevSecOps offering the first security solution to offer both coverage-guided and behavioral fuzz testing techniques as well as the fi...
Docker and Snyk partner to deliver container vulnerability scanning
Wednesday, May 20, 2020 by Brittany Hainzinger
Docker has partnered with Snyk to deliver native vulnerability scanning of container images in Docker. Together, Docker and Snyk will provide a streamlined workflow that makes the application development process more secure for millions of developers, allowing them to more quickly and confidently build secure applications as an automated part of their toolchain.
DevSecOps 7th annual Community Survey results
Wednesday, April 15, 2020 by Brittany Hainzinger
Sonatype published findings from its seventh annual DevSecOps Community Survey, based on responses from 5,045 software engineering professionals. The survey, developed and conducted in partnership with Carnegie Mellon’s Software Engineering Institute, CloudBees, DevOps Institute, DevOps.com, DevSecOps Days, NowSecure, Security Boulevard, Verica, and All Day DevOps...
Improve DevOps processes with API catalog
Thursday, March 26, 2020 by Richard Harris
One of the biggest trends in DevOps is the “shift left” approach when it comes to security, so much so that security conferences now host developer days, developer conferences host security days, and the two have melded into DevSecOps. But pragmatically, how do you implement security earlier into your development cycles? According to CloudVector VP of Engine...
Linux and LISH release census for open source security
Wednesday, February 19, 2020 by Brittany Hainzinger
The Linux Foundation’s Core Infrastructure Initiative (CII) and the Laboratory for Innovation Science at Harvard (LISH), announced the release of ‘Vulnerabilities in the Core,’ a Preliminary Report and Census II of Open Source Software.
This Census II analysis and report represent important steps towards understanding and addressing structural and s...
Volterra emerges from Stealth
Friday, November 22, 2019 by Christian Hargrave
Volterra announced it has launched from two years of stealth operations with over $50 million in funding to date. Investors include top-tier venture capital firms Khosla Ventures, Mayfield and M12 (Microsoft’s venture fund), as well as a growing set of strategic investors/partners including Itochu Technology Ventures and Samsung NEXT. Volterra’s launch come...
Build applications at speed with Cohesity Agile Dev
Thursday, September 12, 2019 by Freeman Lightner
Cohesity has announced the launch of Cohesity Agile Dev and Test, a new solution that addresses key bottlenecks organizations face in building applications at speed. It moves away from the request-fulfill model where developers request access to production-grade data and wait sometimes weeks for IT operations teams to provide the data needed to build...
Crowdsourced security and bug bounty adoption is spreading
Monday, May 20, 2019 by Richard Harris
There continues to be a fundamental imbalance in cybersecurity. Attackers are finding new ways to penetrate cyber defenses as targets proliferate to the cloud, mobile, and connected devices. Defenders need to take a proactive security approach.
The evolving threat landscape and the ever-widening security skills gap are giving rise to new approaches such as crowdsourc...
F5 Acquires NGINX
Thursday, March 14, 2019 by Christian Hargrave
F5 Networks, Inc. and NGINX announced a definitive agreement under which F5 will acquire all issued and outstanding shares of privately held NGINX for a total enterprise value of approximately $670 million, subject to certain adjustments.
“By bringing F5’s world-class application security and rich application services portfolio for improving per...
First multiTEE security platform for mobile app developers emerges
Tuesday, March 5, 2019 by Christian Hargrave
Trustonic says it will expand support to include Huawei’s Trusted Execution Environment (TEE) on its mobile application security platform, Trustonic Application Protection (TAP). Until now, TAP has enabled app developers to build apps secured by both strong application shielding for iOS and Android, and hardware-based protection for the 1.7 billion Android devices...
Prevoty offers new Autonomous Application Protection capabilities
Friday, March 1, 2019 by Christian Hargrave
Imperva announced the expansion of its application security offerings with two new Autonomous Application Protection capabilities.
The update extends customers’ visibility into how applications behave and how users interact with sensitive information. With this expanded view across their business assets, customers will have deeper insights to understand and mit...
The benefits of single page applications as Adobe sees it
Thursday, January 10, 2019 by Gabriel Walt
Most people currently use a SPA every day without realizing it. Google Maps, Twitter, and Gmail are just a few examples of the abundance of SPAs in use today. While SPAs have been around for a while, technology advances have caused interest in them to soar over the past couple of years. Still, some misconceptions exist about the technology, many based on limitations in ...
AI for cybersecurity
Tuesday, November 27, 2018 by Richard Harris
As organizations struggle to deal with the growing sophistication of hackers and the influx in data breaches, it's becoming clear that AI could be a critical tool for automatically defending applications from cyber attacks - but there are challenges to overcome. Ivan Novikov, the CEO of AI security company Wallarm, offers some insight below on how AI can be utilized...
IAST supports AppSec efficiencies while cutting costs and headaches
Monday, November 26, 2018 by Asma Zubair
It’s easy to feel passionate about interactive application security testing (IAST) in the world of application security. You see, IAST makes security testing almost invisible. It’s not something that requires a highly trained team to be brought in to carry out and analyze testing results. It doesn’t hold up other teams or processes from moving forward....
Angular 7 highlights, improvements, and gotchas
Tuesday, November 6, 2018 by Richard Harris
Google recently announced its new Angular 7, which has been noted as a major release spanning the entire platform, including the core framework, Angular Material, and the CLI with synchronized major versions. These benefits along with more, such as CDK virtual scrolling capabilities and drag & drop feature, have developers excited to dive in. Carl Bergenhem, a Produ...
Web app testing tool LoadNinja lands
Monday, November 5, 2018 by Richard Harris
SmartBear released LoadNinja, a cloud-based platform for engineers and performance professionals who load test web applications. SmartBear says LoadNinja can deliver a rare combination of efficiency, accuracy, and actionable performance data, allowing teams to incorporate load testing easily in an agile and devops environment. Unlike traditional load te...
Single Page Application security help
Tuesday, October 23, 2018 by Richard Harris
Single-page applications, or SPAs, are web apps that load a single HTML page and dynamically update that page as the user interacts with the app. Their origins are unclear but the concept was discussed as early as 2003 according to the archives on Wiki. SPAs use AJAX and HTML5 to create fluid and responsive Web apps, without constant page reloads - that literally means,...
Code security gamification company nabs $3.5M in funding
Friday, September 14, 2018 by Christian Hargrave
Secure application development platform provider Secure Code Warrior announced that it has gained US $3.5 million in funding from two strategic venture capital firms. The financing was led by Washington DC-based Paladin Capital Group, with participation from Sydney-based AirTree Ventures. The initial funding round will allow the company to further expand its rapidly gro...
How the reddit security breach reminds us to be careful
Monday, August 6, 2018 by Christian Hargrave
reddit recently disclosed in their announcements feed of a security breach into their system which the hacker "managed to access some user data, including some current email addresses and a 2007 database backup containing old salted and hashed passwords." Include in the disclosed information was some reddit source code and some log files.
They went on to sa...
Mobiconf 2018 will return to Poland
Tuesday, July 24, 2018 by Christian Hargrave
Mobiconf 2018 will soon be coming to Krakow, Poland inside the Multikino cinema theater. Taking place on the 4-5th October, the mobile developer conference will boast topic titles like “What Mom Never Told You about Multi-threading (mobile edition)” and “Application Security in Agile Mobile Development.” And featuring talks from Fernando Cejas, D...
Detect eavesdropping in your mobile app with TrustKit
Wednesday, July 11, 2018 by Christian Hargrave
Data Theorem, Inc. announced the availability of TrustKit Analytics, a new service for the TrustKit community that delivers advanced security insights. In addition, the company announced that since TrustKit’s release in 2015, it has identified more than 100 million eavesdropping attempts on iOS and Android applications, where apps in active mode have blocked 100 p...
Find bugs in your code before launch with new ReGrade platform
Thursday, May 24, 2018 by Christian Hargrave
Let's face it, most of us do not write flawless code, and according to the U.S. Department of Homeland Security, 90 percent of security incidents result from exploits against defects in software (ouch). Curtail Security has announced the release of ReGrade. The platform helps give customers the ability to identify critical version differences in the development cycle an...
What some experts are saying about GDPR
Friday, May 18, 2018 by Christian Hargrave
The GDPR bill is causing an uproar in the industry as the compliance date comes ever nearer. Yet few can say they actually know much about the bill that will come into place on May 25th.GDPR, or the General Data Protection Regulation, is an expansion upon the EU’s previous Data Protection Act of 1998, extending the boundary of its territorial mandate from whatever juris...
DevOps practices more likely to integrate automated security
Saturday, April 21, 2018 by Christian Hargrave
Sonatype published findings from its 5th annual DevSecOps Community Survey of 2,076 IT professionals. The survey shares practitioner perspectives on evolving DevSecOps practices, shifting investments, and changing perceptions. Survey respondents with mature DevOps practices were 338% more likely to integrate automated security than organizations with no DevOps pra...
Why developers run away from security updates
Monday, April 16, 2018 by Richard Harris
Veracode, Inc. has released new data that shines a light on the discrepancy between component security and hygiene. According to the research conducted with Vanson Bourne, only 52 percent of developers using commercial or open source components in their applications update those components when a new security vulnerability is announced. This highlights organizations’ la...
Forrester recognizes Prevoty for it's RASP
Monday, April 2, 2018 by Richard Harris
Prevoty is cited as the leader of runtime application self-protection (RASP) technologies in The Forrester New Wave: Runtime Application Self-Protection, Q1 2018, released recently. Analysts from the influential research and advisory firm evaluated the eight most significant RASP vendors, interviewed customers, received demonstrations, and measured each solution against...
Enterprises need a software security program
Tuesday, January 30, 2018 by Sammy Migues
The answer to the “why” enterprises need a software security program question is pretty straightforward. There are no circumstances under which any but the smallest firms can expect a collection of independent activities - a pen test here, an hour of training there, some free tools that may or may not work as advertised - will consistently result in appropriately secure...
Most cryptocurrency mobile apps are vulnerable
Thursday, November 30, 2017 by Christian Hargrave
Over 1,300 crypto currencies exist today with over $300 Billion market capitalization. One of the most popular and oldest cryptocurrency - Bitcoin has almost reached $10,000 price after several months of fluctuation, but continuous and steady growth.A wide spectrum of mobile applications for cryptocurrencies were released during the last few years by various startups, i...