Real time security software development from Symbiotic Security
Friday, November 22, 2024 by Richard Harris
Symbiotic Security launched a real-time security for software development that combines detection and remediation with just-in-time training – incorporating security testing and training directly into the development process without breaking developers’ workflows.
Backed with $3 million of seed funding from investors including Lerer Hippeau, Axeleo C...
Off-the-shelf intelligent automation beats custom ECM monitoring
Monday, October 14, 2024 by Austin Harris
The accumulation of digital information is overwhelming, and the reliance on increasing access must be recognized. The danger in this climate is that storage capacity can be quickly consumed if structured and unstructured data are not adequately managed. More storage can lead to more costs and complexity - especially regarding compliance mandates. On top of that, more t...
Generative AI in Application Security report from Checkmarx
Monday, August 12, 2024 by Richard Harris
Checkmarx, the in-cloud-native application security provider, has published its Seven Steps to Safely Use Generative AI in Application Security report, which analyzes key concerns, usage patterns, and buying behaviors relating to the use of AI in enterprise application development. The global study exposed the tension between the need to empower both...
Veracode acquires Longbow Security
Thursday, April 18, 2024 by Freeman Lightner
Veracode announced the acquisition of Longbow Security, a security risk management platform for cloud-native environments. The acquisition marks the next exciting phase of Veracode, underscoring the company’s commitment to help organizations effectively manage and reduce application risk across the growing attack surface.
The integration of Longbow in...
IT security predictions for 2024 from HYCU
Tuesday, February 13, 2024 by Richard Harris
Subbiah Sundaram shares his 2024 IT predictions, plus why organizations need to make sure they have a way to protect and recover SaaS application data, the impacts LLMs and AI will have on IT security, the rise of ransomware attacks, the frequency of attacks predicted to be at every two seconds by 2030, and that the focus of organizations will shift ...
Software delivery lifecycle security predictions from OpsMx
Wednesday, December 20, 2023 by Richard Harris
Heading into 2024, enterprises face mounting security concerns related to data breaches, evolving privacy regulations, and their increasing reliance on the cloud and software service providers. As such, they are under increasing pressure to secure the software delivery lifecycle and better understand where the threats are coming from and what their vulnerabilities are. ...
AI cybersecurity impacts according to NetLib Security
Monday, December 18, 2023 by Richard Harris
This is an easy call to make: NetLib Security predicts that Artificial Intelligence - Generative AI - will continue to heavily impact the world of cybersecurity, upping the game for defensive players, while giving cybercriminals more tools on the offensive side.
2023 was a year in which AI seemed suddenly to be everywhere. Although AI is not a new field, ChatGPT and ...
Digital trust and security predictions from DigiCert
Tuesday, December 12, 2023 by Richard Harris
Mike Nelson, along with a team of experts at DigiCert looks back at the past year's security developments and makes some bold predictions of technology, identity, and digital trust. Here are DigiCert's top predictions:
Prediction 1: Senior executives will become more knowledgeable about post-quantum cryptography, and companies will accelerate their investment...
API security risks report exposes Netflix and Wordpress
Monday, November 27, 2023 by Richard Harris
Wallarm, the end-to-end API and app security company, announced the release of its Q3-2023 Wallarm API ThreatStats report. The quarterly report details the surge in threats centered around APIs and uncovers critical vulnerabilities, like injections and API data leaks, that have recently impacted leading firms, including Netflix, VMware, and SAP.
The new report i...
App security threat report results from Digital Ai
Thursday, October 19, 2023 by Richard Harris
Digital.ai announced the results of its 1st annual Application Security Threat Report, illuminating and quantifying the risks to applications in the wild. The results reveal that 57% of all monitored apps are under attack, with gaming (63%) and FinServ (62%) the most likely to be attacked. The study found no correlation between an app’s popularity and likelihood o...
Web3 ID to boost online security from Concordium
Wednesday, September 13, 2023 by Brittany Hainzinger
Concordium has announced the release of Web3 ID, a blockchain-native identity platform with programmable privacy for individuals and organizations. Web3 ID allows digital identity holders to issue Zero-Knowledge-Proofs to dApps while allowing dApps to seamlessly request proof of user identity. This empowers individuals and businesses with complete control over thei...
App security training enhancements by Security Journey
Wednesday, July 19, 2023 by Freeman Lightner
Security Journey announced an acceleration of its secure coding training platform enhancements. Since combining HackEDU and Security Journey training offerings into one Platform, the company has added or refreshed almost 200 lessons and 25 languages, frameworks, and technologies; giving customers even more new training content to improve secure coding knowledge gain of ...
AppSec 2023 predictions from Oxeye Security
Wednesday, February 8, 2023 by Freeman Lightner
Oxeye, the provider of award-winning cloud-native application security, announced five predictions expected to shape enterprise security spending in 2023. The predictions follow industry-wide research which shows the industry is shifting away from legacy software infrastructure and standardizing on cloud-native applications resulting in the need for new and more ef...
Security practices of apps in the Google Play Store
Monday, September 26, 2022 by Brittany Hainzinger
Data removal company Incogni analyzed the top 1,000 paid and unpaid apps available on the Google Play Store to discover the apps’ privacy and security practices.
Key privacy findings:
1 in 2 apps (55.2%) share your data with third parties.
Free apps share, on average, seven times more data points than paid apps.
The worst categ...
ImmuniWeb Neuron web security scanning
Friday, June 10, 2022 by Richard Harris
ImmuniWeb has announced the launch of ImmuniWeb Neuron, a web application and API web security scanning solution that is based on the award-winning ImmuniWeb AI Platform available.
ImmuniWeb Neuron is designed to rapidly scan tens, hundreds, or even thousands of web applications and APIs for vulnerabilities, weaknesses, and misconfigurations. It c...
PKI Spotlight security solution launches
Wednesday, April 6, 2022 by Freeman Lightner
PKI Solutions announced the introduction of PKI Spotlight, an industry solution that provides real-time monitoring and alerting of the availability, configuration, and security of all organizations' PKI environments, all consolidated into one easy-to-use dashboard. PKI is a foundational technology for almost every identity and data encryption solution...
Why developers need security
Friday, February 18, 2022 by Ariel Shadkhan
They say that everything is personal. Well, so is code development. Since childhood, I was surrounded by developers my father was a developer, my uncle was a developer, and that was all I knew growing up. When people asked me what I wanted to do when I got older, the only answer was, well, to become a developer. Code development was very different back then, we lea...
Security compliance predictions for 2022
Tuesday, January 18, 2022 by Freeman Lightner
Edward Tuorinsky is the Managing Principal of DTS, a Service-Disabled Veteran-Owned Small Business, that provides information technology and management consulting services in the areas of program management, governance, strategic planning, organization advancement, business process efficiency, software development, system integration, and learning enhancement solutions....
Security analytics platform selects Pulumi Cloud
Monday, January 3, 2022 by Freeman Lightner
Pulumi announced Panther Labs, a security analytics platform company that helps teams detect and respond to breaches at cloud scale, has selected the Pulumi Cloud Engineering Platform to manage and scale its cloud infrastructure. With Pulumi, Panther has been able to speed its deployments by up to 10X, reduce the size of its legacy infrastructure codebase by more than 5...
App security testing platform lands from Oxeye
Monday, January 3, 2022 by Freeman Lightner
Oxeye announced the company’s Cloud-Native Application Security Testing Platform (CNAST). The new platform identifies code vulnerabilities, open-source vulnerabilities, and secrets to highlight the most critical issues in the software development lifecycle, delivering clear guidance for fast and accurate remediation.
App security testing platform CNAST
Accor...
Improving cloud security practices for DevOps teams
Thursday, August 26, 2021 by Richard Harris
Technology integration allows customers to securely leverage existing keys, secrets, tokens, and certificates into declarative CI/CD pipelines and ease the management of HashiCorp Vault infrastructure and security practices.
Opsera and HashiCorp partner with plans on improving cloud security practices for DevOps teams
Opsera, the Continuous Orchestration platform ...
Not all security vulnerabilities are created equal
Tuesday, May 25, 2021 by Jack Mannino
Applications are the heart of employee and user productivity. There are billions of applications each with a specific function, value and, unfortunately, they also provide one of the easiest openings for cybercriminals and hackers to gain access to critical IT infrastructure and information assets. While most IT security professionals implicitly understand the concept o...
Six areas of focus for continuous security
Friday, April 16, 2021 by Jack Mannino
Applications are the heart of employee and user productivity. There are billions of applications each with a specific function and value and, unfortunately, they also provide one of the easiest openings for cyber criminals and hackers to gain access to critical IT infrastructure and information assets. While most IT security professionals implicitly understand the conce...
Improving security posture with static application security testing
Friday, February 12, 2021 by Tim Jarrett
Amid the worldwide pursuit of digital transformation, the software has seen a meteoric rise, and application security has become paramount. As more companies become software-centric, they publish more applications, increasing the risk vulnerable code will be released. To help reduce this risk, static application security testing (SAST) can help dev teams find and fix we...
Security and reliability become one for APIs in 2021
Tuesday, January 19, 2021 by Freeman Lightner
Reliability -- especially for APIs -- is growing because our reliance on APIs is growing, while at the same time how we develop software has changed. Modern software stacks are written as a collection of microservices, with each service written in a type-safe language that better guards against low-hanging vulnerabilities. However, it also makes reasoning about how...
Security concerns will be front and center in 2021
Saturday, January 9, 2021 by Brittany Hainzinger
Security concerns, especially when it comes to cloud native applications, will be even more front and center in 2021 than they have been recently, said Linux Foundation SVP & General Manager of Training & Certification Clyde Seepersad.
Recent research by The Linux Foundation and Harvard found that open source developers are not prioritizing security issu...
RPA security challenges in 2021
Thursday, January 7, 2021 by Freeman Lightner
What many security professionals have failed to realize is that the user identities created for RPA technologies to connect to a company network in order to execute a task are just as vulnerable as their human counterparts. 2021 will be the birth of digital identities for the digital workforce.
RPA security challenges in 2021
Throughout 2021, identity and security...
API sprawl security concern predictions of 2021 from Volterra
Wednesday, January 6, 2021 by Freeman Lightner
As organizations continue to digitally transform business processes, they are increasingly transitioning from legacy applications to modern, cloud-native apps.
These intricate modern apps feature far more APIs than their predecessors including API sprawl.
Since these apps are built with extensive microservices, many of these APIs are deeply embedded and hidden. Th...
Zero trust security will prevail in 2021
Wednesday, January 6, 2021 by Brittany Hainzinger
Zero-trust security (when organizations stop trusting their people and services in an IT environment) will become the prevailing model for organizations in 2021. With more companies moving to distributed architectures, technology teams need a scalable way to make security foolproof while managing a growing number of microservices and greater complexity. Companies s...
GDPR and data security
Friday, September 18, 2020 by Jonathan Weicher
How has the General Data Protection Regulation (GDPR) affected your firm during the past two years? It has been nearly that long since GDPR went into effect across Europe, applicable for any organizations handling the personal information of European citizens. Since that time, it appears to be performing well up to expectations. Firms of all kinds find themse...
How gamifying security improves cooperation with developers
Monday, May 11, 2020 by Ante Gulam
Scaling security across development challenges the most seasoned professionals. Regardless of company size or industry, risks can no longer be comfortably managed across an organization as a centralized function. Security leaders need people in other departments to understand risks and help their teams remediate and reduce them for security to be successful. Last month,...
Linux and LISH release census for open source security
Wednesday, February 19, 2020 by Brittany Hainzinger
The Linux Foundation’s Core Infrastructure Initiative (CII) and the Laboratory for Innovation Science at Harvard (LISH), announced the release of ‘Vulnerabilities in the Core,’ a Preliminary Report and Census II of Open Source Software.
This Census II analysis and report represent important steps towards understanding and addressing structural and s...
Justin Dolly becomes Chief Security Officer at Sauce Labs
Wednesday, February 12, 2020 by Brittany Hainzinger
Sauce Labs Inc. announced the appointment of Justin Dolly as chief security officer. A security industry veteran with more than 20 years of experience, Dolly will develop, implement, and enforce the company’s long-term security strategy, ensuring its customers have the highest level of protection to support their digital goals. The hiring of Dolly follows the rece...
FTC cracks down on comprehensive data security for Utah company
Thursday, November 14, 2019 by Richard Harris
A Utah-based technology company has agreed to implement a comprehensive data security program to settle Federal Trade Commission allegations that the company failed to put in place reasonable security safeguards, which allowed a hacker to access the personal information of a million consumers.
InfoTrax Systems, L.C., provides back-end operation services to multi-leve...
Post-quantum computing security
Wednesday, November 6, 2019 by Richard Harris
There is a brewing fear about Quantum computing because of the power behind moving quantum bits around in such blinding speeds that some say, will instantly break every encryption algorithm on the Internet today. DigiCert Inc. has released the results of a new survey titled, "Quantum's Peril & Promise" that highlights the ...