Secure software development education report from the Linux Foundation
Wednesday, August 7, 2024 by Richard Harris
Linux Foundation Research and the Open Source Security Foundation (OpenSSF) are pleased to release a new report titled "Secure Software Development Education 2024 Survey: Understanding Current Needs." Based on a survey of nearly 400 software development professionals, the analysis explores the current state of secure software development. It underscores...
Secure software development insights from The Linux Foundation
Monday, February 5, 2024 by Richard Harris
The Linux Foundation published a new report, Maintainer Perspectives on Open Source Software Security, based on a survey of OSS maintainers and core contributors, to understand perspectives on OSS security and the uptake and adoption of security best practices by maintainers, core contributors, end users, and other members of the OSS ecosystem.
Maintainer Perspective...
Open source AI trends for 2024 according to Eclipse Foundation
Thursday, December 21, 2023 by Richard Harris
Each year I usually like to make a few predictions about where the software industry, open source, and Eclipse Foundation projects are headed. This year is going to be a little broader, as some large trends are going to impact us in ways that should be discussed and understood.
Government regulation will impact the software industry
The first trend is that for the...
ASPM 2024 report from Cycode
Friday, December 15, 2023 by Richard Harris
Cycode announced the release of its inaugural State of ASPM 2024 report. The research found that AppSec chaos reigns, with 78% of CISOs responding that today’s AppSec attack surfaces are unmanageable and 90% of responders confirmed relationships between their security and development teams need to improve. Surprisingly, 77% of CISOs believe software supply ch...
App security training enhancements by Security Journey
Wednesday, July 19, 2023 by Freeman Lightner
Security Journey announced an acceleration of its secure coding training platform enhancements. Since combining the HackEDU and Security Journey training offerings into one platform, the company has added or refreshed almost 200 lessons and 25 languages, frameworks, and technologies, giving customers even more new training content to improve secure coding knowledge gain of ...
Zero trust policies for software releases could be key
Thursday, December 8, 2022 by Gopinath Rebala
Today’s integrated DevOps methodology offers businesses the promise of accelerating innovation by providing customers and employees with new application capabilities faster. However, this approach can also increase risks associated with cybercrime and the failure to comply with rapidly evolving privacy regulations. As a result, minimizing security risk during the ...
AppSecCon 2022 dates
Monday, May 9, 2022 by Freeman Lightner
The Purple Book Community, a community of top security leaders, announced that AppSecCon 2022 will take place May 18-19, 2022. The virtual event is expected to host thousands of leading security professionals from around the world.
AppSecCon 2022 dates
When: May 18-19, 2022 from 9 a.m. to 2 p.m. (PT) each day
Where: Virtual Conference, Register Today! Presenta...
Your tech job just laid you off. Now what
Wednesday, June 10, 2020 by Matt Martin
Between March 11th and May 31st more than 600 startups have let nearly 60,000 employees go, according to Layoffs.fyi. If you’re among those, my sincere condolences. This guide should help you avoid some common pitfalls and help you get back on your feet as quickly as possible.
If you’re still employed, now is a good time to get a game-plan together for wh...
FTC cracks down on stalking apps
Thursday, October 24, 2019 by Freeman Lightner
The Federal Trade Commission has barred the developers of three “stalking” apps from selling apps that monitor consumers’ mobile devices unless they take certain steps to ensure the apps will only be used for legitimate purposes. The settlement resolves allegations that these apps compromised the privacy and security of the consumer devices on which th...
New IoT WiFi and BLE module operates for years on a single AA battery
Tuesday, February 26, 2019 by Austin Harris
Telit announced the availability of its latest module, the WL865E4-P. The low-power Wi-Fi and Bluetooth Low Energy (BLE) combination module is based on the Qualcomm QCA4020 system-on-chip (SoC) and is designed for high-bandwidth applications such as health care, video, smart home, and industrial control. Featuring integrated cryptographic hardware, the WL865E4-P enables IoT de...
UN commission sets cyber security regulations for Europe
Wednesday, January 9, 2019 by Austin Harris
The United Nations Economic Commission for Europe (UNECE) has confirmed it will integrate the widely used ISA/IEC 62443 series of standards into its forthcoming Common Regulatory Framework on Cybersecurity (CRF). The CRF will serve as an official UN policy position statement for Europe.
At its recent annual meeting in Geneva, UNECE’s Working Party on Regulatory...
Independent Games Festival finalists and ceremony at GDC 2019
Friday, January 4, 2019 by Richard Harris
The Independent Games Festival (IGF) has revealed the finalists for its 21st annual awards ceremony. The IGF Awards will take place March 20th, 2019 at 6.30pm PT during the Game Developers Conference 2019, and will be hosted by Meg Jayanth, the award-winning writer of 80 Days, the acclaimed globetrotting interactive storytelling game and former IGF Award winner for Exce...
Transforming industries with photoenabled apps
Monday, December 24, 2018 by Jindou Lee
They say a picture’s worth a thousand words, which is probably why there are thousands of mobile apps designed to help users capture, send and discover images of what’s important to them. Ever since the first smartphone slid off the assembly line, photos have been an essential feature of mobile marketing and social media. But while consumer-facing tools have...
Cloud technology survey reveals a hybrid cloud future
Sunday, December 23, 2018 by Richard Harris
LogicMonitor, a hybrid cloud SaaS-based performance monitoring platform for Enterprise IT, has polled 135 cloud professionals at AWS re:Invent to explore how companies are managing their workloads in the data center and in the cloud. The survey shows more than half of respondents are engaging with multiple public cloud platforms and that 11 percent have hybrid workloads...
Gamification can transform your software security program
Tuesday, December 18, 2018 by Pieter Danhieux
No matter the organization, or indeed their individual circumstances, there is one problem I have identified time and time again over the course of my career: AppSec managers, CISOs, CIOs and cybersecurity experts all over the world are rarely able to positively engage their dev teams on security best practice and training. It’s a source of conflict between teams,...
Code security gamification company nabs $3.5M in funding
Friday, September 14, 2018 by Austin Harris
Secure application development platform provider Secure Code Warrior announced that it has gained US $3.5 million in funding from two strategic venture capital firms. The financing was led by Washington DC-based Paladin Capital Group, with participation from Sydney-based AirTree Ventures. The initial funding round will allow the company to further expand its rapidly gro...
ZipperDown vulnerability puts thousands of iOS apps at risk
Tuesday, May 22, 2018 by Austin Harris
The ZipperDown vulnerability has put potentially thousands of iOS apps on the market at risk. Pangu Lab recently found that a common flaw in how apps unpack downloaded zip archives, a path-traversal bug in the extraction code rather than anything to do with OAuth, is now being exploited by hackers to run malicious code inside iOS applications. Casey Ellis, CTO of Bugcrowd, recently spoke on the matter, giving an in-depth technical overview of ZipperDown to deve...
npm@6 package manager brings new security features
Wednesday, April 25, 2018 by Austin Harris
npm, Inc. has announced npm@6, a major update to its JavaScript software installer tool with new security features for developers who work with open source code. npm@6 will be included as part of the Node.js v10.x release line, and leverages the assets of the Node Security Platform, the definitive source of JavaScript vulnerabilities, recently acquired by npm, Inc. In an...
Why developers run away from security updates
Monday, April 16, 2018 by Richard Harris
Veracode, Inc. has released new data that shines a light on the discrepancy between component security and hygiene. According to the research conducted with Vanson Bourne, only 52 percent of developers using commercial or open source components in their applications update those components when a new security vulnerability is announced. This highlights organizations’ la...
Pulse Secure expands to support hybrid IT with secure access
Monday, April 16, 2018 by Richard Harris
Pulse Secure has announced new cloud and virtual appliances to protect access and support applications in hybrid IT environments. Enterprises are quickly moving to deploy hybrid IT, leveraging the cloud to introduce new user services and gain disaster recovery resiliency, as well as continuing to use the data center when they must have total control of the application. ...
NodeSource announces N|Solid 3.1
Wednesday, April 4, 2018 by Richard Harris
NodeSource has announced the availability of N|Solid 3.1, a Node.js platform developed to help users build, manage, secure and analyze Node.js applications. N|Solid 3.1 features a powerful new debugging tool to help identify memory leaks, improved customization opportunities, and the ability to accommodate a larger variety of customer networks and configurations. N|Solid...
A Blockchain messaging platform that's unstoppable
Tuesday, April 3, 2018 by Richard Harris
Today’s instant messaging is about to get a hard shove forward by way of encryption and blockchain. Almost all messaging platforms rely on client-to-server communication, where a unique ID is assigned to a thread and stored in a centralized database somewhere. That model has always been vulnerable to censorship, network blocking, or any other form of controlled policing....
Forrester recognizes Prevoty for its RASP
Monday, April 2, 2018 by Richard Harris
Prevoty is cited as the leader of runtime application self-protection (RASP) technologies in The Forrester New Wave: Runtime Application Self-Protection, Q1 2018, released recently. Analysts from the influential research and advisory firm evaluated the eight most significant RASP vendors, interviewed customers, received demonstrations, and measured each solution against...
New software security guide from SAFECode publishes
Monday, April 2, 2018 by Richard Harris
The Software Assurance Forum for Excellence in Code (SAFECode) announced the publication of the Fundamental Practices for Secure Software Development: Essential Elements of a Secure Development Life Cycle Program (Third Edition). The guide was written by SAFECode members to help software developers, development organizations and technology users initiate or improve their...
Cloud Foundry Summit North America 2018 details
Friday, February 2, 2018 by Richard Harris
Cloud Foundry Foundation has announced the initial schedule, including keynote speakers, for the North American Cloud Foundry Summit, April 18-20, 2018 at the Boston Convention Center. With standard pricing ending February 9, registration will increase $200 to $845. The North American Cloud Foundry Summit keynote line-up includes: Matt Curry, Director of Cloud E...
Enterprises need a software security program
Tuesday, January 30, 2018 by Sammy Migues
The answer to the “why” enterprises need a software security program question is pretty straightforward. There are no circumstances under which any but the smallest firms can expect a collection of independent activities - a pen test here, an hour of training there, some free tools that may or may not work as advertised - will consistently result in appropriately secure...
DevSecOps is important and here is why
Friday, October 20, 2017 by Richard Harris
In the digital age, securing your development projects against malicious hackers can be quite the challenge, and when you try to scale security across an enterprise, the challenge seems insurmountable. This is evident from the frequent hacking incidents we see come through the news. Enter DevSecOps. DevSecOps is a methodology that interweaves the aspects of DevOps an...
Veracode announced two new key integrations
Friday, August 11, 2017 by Austin Harris
Veracode, a software security company acquired by CA Technologies, has announced the Veracode HPE Application Lifecycle Manager (ALM) Flaw Synchronizer Plug-in, which empowers development and QA/release engineers to fix security vulnerabilities early in the Software Development Lifecycle (SDLC). The company also announced an enhanced integration to the Veracode Applicat...
With DevOps security must work differently
Tuesday, June 27, 2017 by Richard Harris
Because “software is eating the world,” as Marc Andreessen famously noted, application security gets harder every day; every line of code written opens organizations to new vulnerabilities and breaches. Furthermore, legacy solutions, such as static analysis, dynamic analysis and web application firewalls, have failed to keep pace with Agile and DevOps practices. Teams ne...
What works best with IoT devices: hardware vs software presentation
Thursday, March 2, 2017 by Richard Harris
Icon Labs, a provider of security solutions for IoT and edge devices, has announced Icon Labs President Alan Grau has been selected to present at Embedded World Show Europe. Alan’s presentation will provide engineers, product managers and executives with an overview of the available security technologies for the IoT and IIoT, and a framework to start building secur...
The use of vulnerable open source components putting more software at risk
Tuesday, October 18, 2016 by Richard Harris
Veracode has released the findings in its annual State of Software Security Report (SoSS). The seventh edition of the report presents metrics drawn from code-level analysis of billions of lines of code across 300,000 assessments performed over the last 18 months. The report revealed that the continued and persistent use of components in software development is creating ...
Mobeewave Tells Us About the Challenges With Mobile Wallets
Monday, September 26, 2016 by Richard Harris
Mobeewave is a Montreal-based FinTech company that has developed a patented technology that will enable banks around the world to capitalize on the market for cash-in-hand transactions. Their game-changing payment acceptance platform facilitates in-person, proximity mobile payments and is available as a white label platform-as-a-service (PaaS) technology for the banking...
Commercial IoT Revenue on the Rise
Friday, May 20, 2016 by Stuart Parkerson
The Technology Business Research 4Q15 Commercial IoT Benchmark shows that total commercial IoT revenue among 21 benchmarked companies grew 14.8% year-to-year in 4Q15, reaching $6.7 billion. TBR’s Commercial IoT Benchmark examines the trends and revenues in the commercial IoT market, geographies and use cases, and highlights leaders and laggards in each segment. The bench...
86 Percent of PHP Based Applications Contain at Least One Cross-Site Scripting Vulnerability
Tuesday, December 8, 2015 by Stuart Parkerson
Veracode is reporting that its analytics show 86 percent of PHP-based applications contain at least one Cross-Site Scripting (XSS) vulnerability and 56 percent have at least one SQL injection (SQLi) when initially assessed by Veracode. The analysis is part of a supplement to Veracode’s “2015 State of Software Security: Focus on Application Development”, which is a repor...
New Report Highlights Wide Ranging Cybersecurity Challenges
Wednesday, September 2, 2015 by Richard Harris
Cybersecurity Ventures has released its Cybersecurity Market Report for Q3 2015 which provides an overview of software development and application security trends, statistics, best practices, and resources. Highlights of the report include: “The SANS Institute 2015 State of Application Security Report” states that many information security engineers don’t understa...