Russian airport hacked as St. Petersburg website reports cyberattack
Monday, October 6, 2025 by Trey Abbe
Pulkovo airport, the primary international gateway for St. Petersburg, reported that its official website had been compromised in a cyberattack. The airport serves millions of passengers annually, making secure digital operations essential for timely flight information and passenger services. Officials confirmed that the attack temporarily disrupted access to the websit...
Universities fighting cybercrime with students
Thursday, April 24, 2025 by Richard Harris
Universities, one of the most popular targets for cybercriminals, are employing a new tool in the fight against cybercrime, their own students.
Over the past few years, universities and colleges around the U.S. have been increasingly hiring students and training them to become analysts in their security operations centers, known as SOCs. Students work alongside...
Software security in 2025 - Four encouraging trends
Thursday, December 26, 2024 by Austin Harris
The good news is that over the last few years software development organizations have embraced their role in ensuring the security of their applications in the face of ever-increasing threats to their organizations. The bad news is that they are struggling with how to protect code without overburdening developers, slowing down releases, and generally hindering innovatio...
Real time security software development from Symbiotic Security
Friday, November 22, 2024 by Richard Harris
Symbiotic Security launched a real-time security for software development that combines detection and remediation with just-in-time training – incorporating security testing and training directly into the development process without breaking developers’ workflows.
Backed with $3 million of seed funding from investors including Lerer Hippeau, Axeleo C...
Secure software development insights from The Linux Foundation
Monday, February 5, 2024 by Richard Harris
The Linux Foundation published a new report, Maintainer Perspectives on Open Source Software Security, based on a survey of OSS maintainers and core contributors, to understand perspectives on OSS security and the uptake and adoption of security best practices by maintainers, core contributors, end users, and other members of the OSS ecosystem.
Maintainer Perspective...
ASPM 2024 report from Cycode
Friday, December 15, 2023 by Richard Harris
Cycode announced the release of its inaugural State of ASPM 2024 report. The research found that AppSec chaos reigns, with 78% of CISOs responding that today’s AppSec attack surfaces are unmanageable and 90% of responders confirmed relationships between their security and development teams need to improve. Surprisingly, 77% of CISOs believe software supply ch...
Oxeye discovers vulnerability in HashiCorp Vault Project
Tuesday, April 25, 2023 by Austin Harris
Oxeye announced the discovery of a new vulnerability in the HashiCorp Vault Project that has now been patched. HashiCorp Vault is a popular identity-based secret and encryption management system used to control access to API encryption keys, passwords, and certificates. The vulnerability was automatically discovered and reported by the Oxeye Platform during a deployment...
PKI Spotlight security solution launches
Wednesday, April 6, 2022 by Austin Harris
PKI Solutions announced the introduction of PKI Spotlight, an industry solution that provides real-time monitoring and alerting of the availability, configuration, and security of all organizations' PKI environments, all consolidated into one easy-to-use dashboard. PKI is a foundational technology for almost every identity and data encryption solution...
DevOps predictions for 2022
Wednesday, January 19, 2022 by Richard Harris
Yoav Landman, Co-Founder, and CTO of JFrog created Artifactory after 7 years as a senior consultant with AlphaCSP. He has held several senior technical roles with Attunity, Verve, and Sausage. Yoav holds a Master of Computing degree from RMIT University and a BA in Law (LLB) from Haifa University.
Low-Code/No-Code, Metaverse, and DevOps predictions for 2022
Landma...
Low code platform Zenity lands $5M in funding
Wednesday, December 8, 2021 by Austin Harris
Zenity exited stealth mode with a $5 million seed funding round, led by Vertex Ventures and UpWest, and backed by top executives such as the former CISO of Google, Gerhard Eschelbeck, and former CIO of SuccessFactors, Tom Fisher. With Zenity, businesses can promote citizen development and adopt Low-Code/No-Code platforms while avoiding critical data exfiltration or disr...
2021 Coding Week recap from industry experts
Monday, September 20, 2021 by Richard Harris
National Coding Week takes place during September 13 - September 19 and it is a great time to engage everyone into coding in a fun and easy way. According to an article from National Today, "92 percent of executives believe American workers are not as skilled as they need to be." National Coding Week is a perfect opportunity for improving your coding skills to...
Opsera has announced its Salesforce CD release automation
Monday, June 28, 2021 by Brittany Hainzinger
Opsera announces its native Salesforce CI/CD release automation functionality. This new feature gives Business Application teams the same powerful DevOps platform that software delivery teams use to significantly shorten software delivery cycles, enhance pipeline quality and security, lower operations costs and align software delivery to business outcomes.
Industry s...
DevSecOps 7th annual Community Survey results
Wednesday, April 15, 2020 by Brittany Hainzinger
Sonatype published findings from its seventh annual DevSecOps Community Survey, based on responses from 5,045 software engineering professionals. The survey, developed and conducted in partnership with Carnegie Mellon’s Software Engineering Institute, CloudBees, DevOps Institute, DevOps.com, DevSecOps Days, NowSecure, Security Boulevard, Verica, and All Day DevOps...
Container runtime scanning open source software launched by Portshift
Thursday, March 26, 2020 by Brittany Hainzinger
Portshift introduced Kubei Open Source container scanning software. Kubei is a unique open source Kubernetes runtime images scanning solution, presented to invite developer collaboration for the hardening of runtime environments. Kubei identifies which pods were built from vulnerable images or contain newly discovered vulnerabilities, then it couples the Kubernetes info...
Volterra emerges from Stealth
Friday, November 22, 2019 by Austin Harris
Volterra announced it has launched from two years of stealth operations with over $50 million in funding to date. Investors include top-tier venture capital firms Khosla Ventures, Mayfield and M12 (Microsoft’s venture fund), as well as a growing set of strategic investors/partners including Itochu Technology Ventures and Samsung NEXT. Volterra’s launch come...
IAST supports AppSec efficiencies while cutting costs and headaches
Monday, November 26, 2018 by Asma Zubair
It’s easy to feel passionate about interactive application security testing (IAST) in the world of application security. You see, IAST makes security testing almost invisible. It’s not something that requires a highly trained team to be brought in to carry out and analyze testing results. It doesn’t hold up other teams or processes from moving forward....
Code security gamification company nabs $3.5M in funding
Friday, September 14, 2018 by Austin Harris
Secure application development platform provider Secure Code Warrior announced that it has gained US $3.5 million in funding from two strategic venture capital firms. The financing was led by Washington DC-based Paladin Capital Group, with participation from Sydney-based AirTree Ventures. The initial funding round will allow the company to further expand its rapidly gro...
What some experts are saying about GDPR
Friday, May 18, 2018 by Austin Harris
The GDPR bill is causing an uproar in the industry as the compliance date comes ever nearer. Yet few can say they actually know much about the bill that will come into place on May 25th.GDPR, or the General Data Protection Regulation, is an expansion upon the EU’s previous Data Protection Act of 1998, extending the boundary of its territorial mandate from whatever juris...
Netskope unifies enterprise cloud and web security
Thursday, April 5, 2018 by Austin Harris
Netskope has announced the general availability of Netskope for Web, an expansion of the Netskope Cloud Security platform that enables safe web use for enterprise organizations. Powered by the same cloud-native architecture and patented Cloud XD technology of the award-winning and market-leading Netskope cloud access security broker (CASB), Netskope for Web uniquely und...
Enterprises need a software security program
Tuesday, January 30, 2018 by Sammy Migues
The answer to the “why” enterprises need a software security program question is pretty straightforward. There are no circumstances under which any but the smallest firms can expect a collection of independent activities - a pen test here, an hour of training there, some free tools that may or may not work as advertised - will consistently result in appropriately secure...
Why enterprises will modernize their enterprise apps this year
Wednesday, January 24, 2018 by Richard Harris
Sapho and IDG Communications have released the results of a survey targeting 160 IT Directors and Chief Information and Technology Officers at enterprise companies with more than 1,000 employees. The results show an overwhelming number (78%) of respondents planning to upgrade their organization’s enterprise applications this year in an effort to provide employees with b...
Automated Security as a Service platform by ShiftLeft launches
Monday, October 16, 2017 by Austin Harris
ShiftLeft Inc. has introduced an automated Security as a service (SECaaS) for cloud software that creates custom security and threat detection for each application it supports. With ShiftLeft, organizations can now secure their cloud applications as part of their continuous integration pipeline, rather than merely reacting to threats discovered in production. ShiftLeft ...
Rethinking DevOps as DevSecOps
Thursday, October 12, 2017 by Akshay Aggarwal
If you’re not already thinking right now that your DevOps teams should be run like a DevSecOps team, you may already be in a world of hurt. Time to wake up! As the adoption of APIs continues to grow, so do the risks to organizations that don’t actively test the security of their solutions. Modern Agile development frameworks have changed the way engineering teams produc...
Tips for securing container deployments
Friday, September 1, 2017 by Richard Harris
Container deployments are still susceptible to the regular threats that other types of deployments are - including DDoS and cross-site scripting attacks. In fact, hackers often take advantage of compromised containers to scan sensitive data, download malware, or privilegeunauthorized access to any of your containers, hosts or data centers.Fei Huang is the CEO of NeuVect...
Why runtime application selfprotection is critical for app security
Tuesday, June 20, 2017 by David Strom
Today most of us go about implementing security from the outside in. The common practice is to start by defining a perimeter and trying to defend it with various security tools. Even though perimeters have been porous for more than a decade, we still can’t give up this notion that if we build a better wall we can keep our enterprises safer.Certainly that is where most e...
DevSecOps will help security and developers play nice
Thursday, June 15, 2017 by Richard Harris
Veracode, a security software company acquired by CA Technologies, has announced the results of a study examining the relationships between application developers and security teams.The study, conducted in conjunction with Enterprise Strategy Group (ESG), shows that despite the pervasive belief that security and development teams have conflicting priorities, initiatives...
Quali's CloudShell version 8 is now generally availability
Friday, April 28, 2017 by Austin Harris
OpenStack adoption in enterprises is becoming increasingly embraced as revenues grow at 35% CAGR, according to 451 Research. Adoption of OpenStack is increasing among organizations with over 1,000 employees both with on-premise and hosted OpenStack deployments. The 451 Research team predicts a growing number of use-cases across enterprise and service provider deployment...
WhiteSource Bolt detects vulnerable open source components
Thursday, March 30, 2017 by Richard Harris
WhiteSource, a continuous open source security and compliance management company, has announced the launch of a new open source management tool integrated within the Microsoft Visual Studio Team Services (VSTS) and Team Foundation Server (TFS) platforms - the WhiteSource Bolt (Bolt).Bolt is fully immersed within the VSTS and TFS products, so users can detect vulnerable ...
80 percent of web apps have security flaws
Tuesday, February 14, 2017 by Richard Harris
Data collected by Contrast Labs has revealed that sensitive data exposures, which include missing and weak encryption, are the top vulnerability plaguing 69 percent of web applications and accounting for 26 percent of all vulnerabilities. Their research has also found that 80 percent of tested software applications had at least one vulnerability, with an average of 45 v...
IBM Watson for cyber security has cognitive skills
Monday, February 13, 2017 by Richard Harris
According to IBM research, security teams sift through more than 200,000 security events per day on average, leading to over 20,000 hours per year wasted chasing false positives. The need to introduce cognitive technologies into security operations centers will be critical to keep up with the anticipated doubling of security incidents over the next five years and increa...
The data security money pit
Wednesday, January 25, 2017 by Richard Harris
93% of organizations suffer technical challenges to protect data despite heavy investment in security tools.While data breaches destroy customer confidence, impact revenues, attract large regulatory fines and cost C-levels their jobs, 76% of data security professionals believe in the maturity of their data security strategy, according to a new study. Despite heavy inves...
8 cyber security predictions for what's to come in AsiaPacific
Thursday, December 29, 2016 by Austin Harris
Cyber security received heightened interest in 2016 due to a spate of cyber attacks in the region. These included cyber attacks on the database of 55 million voters at the Philippines Commission on Elections (COMELEC), the National Payment Corporation of India (NPCI), US$81 million cyber heist at the Bangladesh Central Bank and the massive data leaks as shown by the Yah...
Cyberbit's SOC 3D automation updates and what you should know
Tuesday, December 20, 2016 by Richard Harris
Cyberbit just announced a new version of its SOC 3D automation and orchestration platform that increases productivity and effectiveness of the SOC and substantially reduces incident response times. The new platform integrates with all major SIEM and security solutions, automates SOC runbooks and workflows, and prioritizes incidents according to their business impact. It...
What happens to security when your apps go to the cloud
Wednesday, November 9, 2016 by Richard Harris
When Marc Andreessen wrote, “software is eating the world,” he meant that every business is literally turning into software. The problem is that every line of code you write makes you easier to attack. Historically, we dealt with security by putting up walls and scanning. But the complexity of modern software environments has made these approaches ineffective ...
HPE Study identifies significant barriers with integrating security and DevOps
Tuesday, October 25, 2016 by Richard Harris
The HPE Application Security and DevOps Report just released, which discusses in depth where organizations are at in their implementation of DevOps, and how application security fits within this new model. While there is a perception that security and DevOps go hand-in-hand, there are significant gaps between the opportunity of incorporating security as a natural part o...
_7xsmrrta.jpg "Real-time-security-software-development-from-Symbiotic-Security")
