DevOps threats report released from GitProtect io
Monday, August 12, 2024 by Brittany Hainzinger
Outages, human errors, cyberattacks, data breaches, ransomware, security vulnerabilities,
and, as a result, data loss are the reality that DevSecOps teams have to face...even every
few days.
The State of DevOps threats report - teams affected every few days
GitProtect.io recently presented its studies on the most severe incidents affecting tools like GitHub...
Detect hard coded secrets with new capabilities from Cycode
Thursday, August 10, 2023 by Freeman Lightner
Cycode announced the expansion of its hard-coded secrets detection in cloud-based workplaces, as well as a collaboration with Azure DevOps pipelines to ensure end-to-end supply chain integrity and a new IDE plug-in for seamless integration with VS Code.
Building upon its existing code-to-cloud coverage, Cycode now extends its secrets scanning capabilities to encompas...
Red Hat OpenStack and DevSecOps updates
Thursday, June 15, 2023 by Richard Harris
DSO National Laboratories (DSO), Singapore’s national defense research and development (R&D) organization, and open source leader Red Hat, has announced a collaboration to develop new DevSecOps capabilities. The joint work between Red Hat and DSO shows the value of collaboration to facilitate knowledge exchange in Singapore’s defense R&D efforts.
...
LawBase ChatGPT integration brings enhanced reporting capabilities
Tuesday, May 23, 2023 by Freeman Lightner
LawBase, the preeminent case and matter management software system for the legal industry announced it has added generative AI capabilities within the company’s flagship and award-winning platform.
LawBase is known for incredible flexibility without sacrificing functionality, and this integration with ChatGPT adds to this unique capability. Now, users can emplo...
In game audio ads platform Odeeo sees growth in active users
Wednesday, March 15, 2023 by Freeman Lightner
Odeeo, the global audio ads in games platform has recorded 300% year-on-year revenue and daily active user (DAU) growth in 2022, and served over a billion ads, with 10B ad opportunities created.
Odeeo connects advertisers to the world's 2.9B mobile gamers. Its record growth is driven by its technical innovation and its timely exploitation of the burgeoning audio ...
What the future of AR looks like
Friday, December 2, 2022 by Richard Harris
The next two decades hold incredible promise, and danger, as our lives become more intertwined with extended reality (XR) technologies. Visions of exciting possibilities are tempered with privacy concerns, as major XR companies explore centralized visual positioning systems that store personal data.
Today’s pioneers of augmented and virtual realities (AR and VR...
Security practices of apps in the Google Play Store
Monday, September 26, 2022 by Brittany Hainzinger
Data removal company Incogni analyzed the top 1,000 paid and unpaid apps available on the Google Play Store to discover the apps’ privacy and security practices.
Key privacy findings:
1 in 2 apps (55.2%) share your data with third parties.
Free apps share, on average, seven times more data points than paid apps.
The worst categ...
DevOps predictions for 2022
Wednesday, January 19, 2022 by Richard Harris
Yoav Landman, Co-Founder, and CTO of JFrog created Artifactory after 7 years as a senior consultant with AlphaCSP. He has held several senior technical roles with Attunity, Verve, and Sausage. Yoav holds a Master of Computing degree from RMIT University and a BA in Law (LLB) from Haifa University.
Low-Code/No-Code, Metaverse, and DevOps predictions for 2022
Landma...
Data privacy predictions from Ground Labs
Monday, January 17, 2022 by Freeman Lightner
As Ground Labs Co-Founder, Stephen Cavey leads a global team empowering enterprise partners to discover, manage and secure sensitive data across their organizations.
Stephen has deep security domain expertise with a focus on electronic payments and data security compliance. He is a frequent speaker at industry events such as PrivSec Global, and his expert analy...
Low code platform Zenity lands $5M in funding
Wednesday, December 8, 2021 by Christian Hargrave
Zenity exited stealth mode with a $5 million seed funding round, led by Vertex Ventures and UpWest, and backed by top executives such as the former CISO of Google, Gerhard Eschelbeck, and former CIO of SuccessFactors, Tom Fisher. With Zenity, businesses can promote citizen development and adopt Low-Code/No-Code platforms while avoiding critical data exfiltration or disr...
Neural decision processor launches from Syntiant
Wednesday, October 6, 2021 by Brittany Hainzinger
Syntiant Corp has introduced the Syntiant NDP200 Neural Decision Processor (NDP), the company's first chip designed for vision processing that can provide highly accurate inference at under 1mW.
NDP200 neural decision processor from Syntiant
Packaged with the Syntiant Core 2, the NDP200 can ...
Improving cloud security practices for DevOps teams
Thursday, August 26, 2021 by Richard Harris
Technology integration allows customers to securely leverage existing keys, secrets, tokens, and certificates into declarative CI/CD pipelines and ease the management of HashiCorp Vault infrastructure and security practices.
Opsera and HashiCorp partner with plans on improving cloud security practices for DevOps teams
Opsera, the Continuous Orchestration platform ...
Amazon location service launches
Monday, August 23, 2021 by Freeman Lightner
Amazon Web Services, Inc. announced the general availability of Amazon Location Service, a new service that makes it easier and more cost-effective for customers to add location functionality to their applications without compromising on user privacy or data security. With Amazon Location Service, customers can embed location functionality in their applications usi...
DevSecOps will go mainstream this year
Tuesday, January 26, 2021 by Richard Harris
Cybercriminals love Shadow Code exploits because hacking a commonly used library or service can place the malicious code on hundreds or thousands of websites. For example, the widely used jQuery JavaScript library has been breached multiple times, leading to digital skimming attacks broadly across the e-commerce sector. Adding jQuery to an application without ...
PCE Supercluster now offered by Illumio
Tuesday, January 8, 2019 by Christian Hargrave
Illumio, a cybersecurity company delivering micro-segmentation, announced full availability of PCE Supercluster designed for enterprise-scale real-time application dependency mapping and micro-segmentation deployments. PCE Supercluster, which is currently in use by some of the largest organizations in the world, makes Illumio the first company to offer a micro-segmentat...
Blockchain IoT can work to your advantage
Friday, October 5, 2018 by Richard Harris
Why do the words Blockchain and IoT still sound terrifying to some businesses? Maybe it's because Blockchain terminology was made mainstream by Bitcoin, or perhaps it's that IoT sounds immediate security alarms.
According to IBM, using Blockchain in asset management, customs declarations, supply chain networks, commercial property leasing, and countless more ...
How the reddit security breach reminds us to be careful
Monday, August 6, 2018 by Christian Hargrave
reddit recently disclosed in their announcements feed of a security breach into their system which the hacker "managed to access some user data, including some current email addresses and a 2007 database backup containing old salted and hashed passwords." Include in the disclosed information was some reddit source code and some log files.
They went on to sa...
Enterprises need a software security program
Tuesday, January 30, 2018 by Sammy Migues
The answer to the “why” enterprises need a software security program question is pretty straightforward. There are no circumstances under which any but the smallest firms can expect a collection of independent activities - a pen test here, an hour of training there, some free tools that may or may not work as advertised - will consistently result in appropriately secure...
Why enterprises will modernize their enterprise apps this year
Wednesday, January 24, 2018 by Richard Harris
Sapho and IDG Communications have released the results of a survey targeting 160 IT Directors and Chief Information and Technology Officers at enterprise companies with more than 1,000 employees. The results show an overwhelming number (78%) of respondents planning to upgrade their organization’s enterprise applications this year in an effort to provide employees with b...
DevSecOps is important and here is why
Friday, October 20, 2017 by Richard Harris
In the digital age, securing your development projects against malicious hackers can be quite the challenge. And when you take security and try to scale security to an enterprise, the challenge seems insurmountable. Evident by the frequent hacking incidents we see come through the news.Enter DevSecOps. DevSecOps is a methodology that interweaves the aspects of DevOps an...
Veracode announced two new key integrations
Friday, August 11, 2017 by Christian Hargrave
Veracode, a software security company acquired by CA Technologies, has announced the Veracode HPE Application Lifecycle Manager (ALM) Flaw Synchronizer Plug-in, which empowers development and QA/release engineers to fix security vulnerabilities early in the Software Development Lifecycle (SDLC). The company also announced an enhanced integration to the Veracode Applicat...
Why runtime application selfprotection is critical for app security
Tuesday, June 20, 2017 by David Strom
Today most of us go about implementing security from the outside in. The common practice is to start by defining a perimeter and trying to defend it with various security tools. Even though perimeters have been porous for more than a decade, we still can’t give up this notion that if we build a better wall we can keep our enterprises safer.Certainly that is where most e...
Many fintech DevOps are not enforcing security
Tuesday, June 6, 2017 by Christian Hargrave
Venafi has announced the results of a study on the cryptographic security practices of DevOps teams in the financial services industry. Cryptographic security risks are amplified in DevOps settings, where compromises in development or test environments can spread to production systems and applications. This is a particular issue for financial services organizations, whi...
Humans are still the biggest threat to cyber security report shows
Saturday, December 17, 2016 by Christian Hargrave
Global technology company Nuix have released the findings from its third annual survey of corporate information security practitioners who almost universally agreed that human behavior was their largest security threat. While businesses were investing to develop broad and mature cybersecurity capabilities, many survey respondents were uncertain about the most effective ...
New research shows that using advanced security drives new business growth
Wednesday, October 12, 2016 by Christian Hargrave
A global study from CA Technologies revealed that organizations are measuring the success of IT security beyond just breaches and compliance; they now are including business performance indicators that contribute directly to revenue growth. The study, The Security Imperative: Driving Business Growth in the App Economy, polled 1,770 senior business and IT executives, inc...
AWS Wants You to Train and Certify on Cloud Computing Security
Saturday, July 9, 2016 by Richard Harris
As part of its Training & Certification program, AWS has updated its self-paced Security Fundamentals course that provides an introduction to fundamental cloud computing and AWS security concepts, including AWS access control and management, governance, logging, and encryption methods. The web based course also addresses security-related compliance protocols, risk m...
Why Every DevOps Practice Needs NextGeneration Data Security
Monday, June 27, 2016 by Louis Evans
As engineers and managers, we live in a world of tradeoffs. A fast solution is usually a sloppy one; a cheap solution is often a fragile one. Any solution that breaks these tradeoffs is extraordinary. A major one can bring about a revolution. The DevOps transformation is just such a revolution. It offers orders-of-magnitude acceleration in software delivery, while ...
Don't Expect Apple and Google to Do App Security for You
Tuesday, May 24, 2016 by Sinan Eren
The appetite for mobile apps with an appealing user experience shows no signs of slowing – even in closely regulated industries such as financial services and healthcare. In fact, according to Gartner, by the end of 2017, IT organizations will be hard-pressed to meet market demand for mobile app development services as it grows at least five times faster than IT’s abili...
Four Ways the Maturity of Cloud Technology is Changing LongHeld Industry Beliefs
Thursday, February 18, 2016 by Andrew Hodes
Is it safe to say that the cloud today is mainstream? With recent research finding that adoption rates fall well into the 90 percent range, mainstream is likely. Increasing numbers of organizations are relying on the cloud, and we’re discovering that many long-held ideas about the cloud simply don’t hold true anymore. Here are four ways in which the maturity of cloud te...
Breaking Down the Essential Elements for DevOps Success
Thursday, January 21, 2016 by Stuart Parkerson
We recently visited with Michael Madden, CA Technologies General Manager - DevOps, to tap into his expertise and insight into how companies can realize the full potential of adopting a DevOps Mentality. ADM: What is the difference between DevOpsSec, Secure DevOps and Rugged DevOps?Madden: There are many definitions around each of these movements, but fundamentally ...
New Study Shows Companies Lacking in API Security Measures
Friday, August 7, 2015 by Richard Harris
Akana has published the findings of its Global State of API Security Survey 2015 which surveyed over 250 security practitioners. Respondents including CSOs, CISOs, and security architects, with over 50% of the executives from large global organizations.The survey’s purpose was to quantify the maturity of API security practices among digital enterprises. The survey resul...
Agile Innovation: Crossing the Wetware Chasm for Business Transformation
Friday, June 12, 2015 by Alex Robbio
“ The modern era’s less rigid development methodologies - Behavior Driven Development, Scrum and Kanban complemented by “Hackathon” team-blending campaigns - are proven to accelerate agile innovation, trusted collaboration and business transformation.”Modern-era IT jargon has coined the term “wetware” to describe the collective human capital - the programmers, developer...