software security

software security news search results

Developer news items we found relating to software security

21 results
Code-security-gamification-company-nabs-$3.5M-in-funding

Code security gamification company nabs $3.5M in funding


Friday, September 14, 2018 by

Secure application development platform provider Secure Code Warrior announced that it has gained US $3.5 million in funding from two strategic venture capital firms. The financing was led by Washington DC-based Paladin Capital Group, with participation from Sydney-based AirTree Ventures. The initial funding round will allow the company to further expand its rapidly gro...


ZipperDown-vulnerability-puts-thousands-of-iOS-apps-at-risk

ZipperDown vulnerability puts thousands of iOS apps at risk


Tuesday, May 22, 2018 by

ZipperDown vulnerability has put at risk potentially thousands of iOS apps on the market. Pangu Lab recently found that a vulnerability previously discovered in OAuth security is now being exploited by hackers to run malicious code on iOS applications. Casey Ellis, CTO of Bugcrowd, recently spoke on the matter, giving an in-depth technical overview of ZipperDown to deve...


npm@6-package-manager-brings-new-security-features

npm@6 package manager brings new security features


Wednesday, April 25, 2018 by

npm, Inc. has announced npm@6, a major update to its JavaScript software installer tool with new security features for developers who work with open source code. npm@6 will be included as part of the Node.js v10.x release line, and leverages the assets of the Node Security Platform, the definitive source of JavaScript vulnerabilities, recently acquired by npm, Inc.In an...


Why-developers-run-away-from-security-updates

Why developers run away from security updates


Monday, April 16, 2018 by

Veracode, Inc. has released new data that shines a light on the discrepancy between component security and hygiene. According to the research conducted with Vanson Bourne, only 52 percent of developers using commercial or open source components in their applications update those components when a new security vulnerability is announced. This highlights organizations’ la...


Pulse-Secure-expands-to-support-hybrid-IT-with-secure-access

Pulse Secure expands to support hybrid IT with secure access


Monday, April 16, 2018 by

Pulse Secure has announced new cloud and virtual appliances to protect access and support applications in hybrid IT environments. Enterprises are quickly moving to deploy hybrid IT, leveraging the cloud to introduce new user services and gain disaster recovery resiliency, as well as continuing to use the data center when they must have total control of the application. ...


NodeSource-announces-N|Solid-3.1

NodeSource announces N|Solid 3.1


Wednesday, April 4, 2018 by

NodeSource has announced the availability of N|Solid 3.1, a Node.js platform developed to help users build, manage, secure and analyze Node.js applications. N|Solid 3.1 features a powerful new debugging tool to help identify memory leaks, improved customization opportunities, and the ability to accommodate a larger variety of customer networks and configurations.N|Solid...


A-Blockchain-messaging-platform-that

A Blockchain messaging platform that's unstoppable


Tuesday, April 3, 2018 by

Today’s instant messaging is about to get a violent shove forward by way of encryption, and Blockchain. Almost all messaging platforms rely on client to server communication, where a unique ID is given to a thread, and stored in a centralized database somewhere. But it’s always been volatile to censorship, network blocking, or any other form of controlled policing....


Forrester-recognizes-Prevoty-for-it

Forrester recognizes Prevoty for it's RASP


Monday, April 2, 2018 by

Prevoty is cited as the leader of runtime application self-protection (RASP) technologies in The Forrester New Wave: Runtime Application Self-Protection, Q1 2018, released recently. Analysts from the influential research and advisory firm evaluated the eight most significant RASP vendors, interviewed customers, received demonstrations, and measured each solution against...


New-software-security-guide-from-SAFECode-publishes

New software security guide from SAFECode publishes


Monday, April 2, 2018 by

The Software Assurance Forum for Excellence in Code (SAFECode) announced the publication of the Fundamental Practices for Secure Software Development: Essential Elements of a Secure Development Life Cycle Program (Third Edition).The guide was written by SAFECode members to help software developers, development organizations and technology users initiate or improve their...


Cloud-Foundry-Summit-North-America-2018-details

Cloud Foundry Summit North America 2018 details


Friday, February 2, 2018 by

Cloud Foundry Foundation has announced the initial schedule, including keynote speakers, for the North American Cloud Foundry Summit, April 18-20, 2018 at the Boston Convention Center. With standard pricing ending February 9, registration will increase $200 to $845.The North American Cloud Foundry Summit keynote line-up includes:Matt Curry, Director, Director of Cloud E...


Enterprises-need-a-software-security-program

Enterprises need a software security program


Tuesday, January 30, 2018 by

The answer to the “why” enterprises need a software security program question is pretty straightforward. There are no circumstances under which any but the smallest firms can expect a collection of independent activities - a pen test here, an hour of training there, some free tools that may or may not work as advertised - will consistently result in appropriately secure...


DevSecOps-is-important-and-here-is-why

DevSecOps is important and here is why


Friday, October 20, 2017 by

In the digital age, securing your development projects against malicious hackers can be quite the challenge. And when you take security and try to scale security to an enterprise, the challenge seems insurmountable. Evident by the frequent hacking incidents we see come through the news.Enter DevSecOps. DevSecOps is a methodology that interweaves the aspects of DevOps an...


Veracode-announced-two-new-key-integrations

Veracode announced two new key integrations


Friday, August 11, 2017 by

Veracode, a software security company acquired by CA Technologies, has announced the Veracode HPE Application Lifecycle Manager (ALM) Flaw Synchronizer Plug-in, which empowers development and QA/release engineers to fix security vulnerabilities early in the Software Development Lifecycle (SDLC). The company also announced an enhanced integration to the Veracode Applicat...


With-DevOps-security-must-work-differently

With DevOps security must work differently


Tuesday, June 27, 2017 by

Because “software is eating the world,” as Mark Andreessen famously noted, application security gets harder every day; every line of code written opens organizations to new vulnerabilities and breaches. Furthermore, legacy solutions, such as static analysis, dynamic analysis and web application firewalls have failed to keep pace with Agile and DevOps practices. Teams ne...


What-works-best-with-IoT-devices:-hardware-vs-software-presentation

What works best with IoT devices: hardware vs software presentation


Thursday, March 2, 2017 by

Icon Labs, a provider of security solutions for IoT and edge devices, has announced Icon Labs President Alan Grau has been selected to present at Embedded World Show Europe. Alan’s presentation will provide engineers, product managers and executives with an overview of the available security technologies for the IoT and IIoT, and a framework to start building secur...


The-use-of-vulnerable-open-source-components-putting-more-software-at-risk

The use of vulnerable open source components putting more software at risk


Tuesday, October 18, 2016 by

Veracode has released the findings in its annual State of Software Security Report (SoSS). The seventh edition of the report presents metrics drawn from code-level analysis of billions of lines of code across 300,000 assessments performed over the last 18 months. The report revealed that the continued and persistent use of components in software development is creating ...


Mobeewave-Tells-Us-About-the-Challenges-With-Mobile-Wallets

Mobeewave Tells Us About the Challenges With Mobile Wallets


Monday, September 26, 2016 by

Mobeewave is a Montreal-based FinTech company that has developed a patented technology that will enable banks around the world to capitalize on the market for cash-in-hand transactions. Their game-changing payment acceptance platform facilitates in-person, proximity mobile payments and is available as a white label platform-as-a-service (PaaS) technology for the banking...


Commercial-IoT-Revenue-on-the-Rise

Commercial IoT Revenue on the Rise


Friday, May 20, 2016 by

The Technology Business Research 4Q15 Commercial IoT Benchmark shows that total commercial IoT revenue among 21 benchmarked companies grew 14.8% year-to-year in 4Q15, reaching $6.7 billion.TBR’s Commercial IoT Benchmark examines the trends and revenues in the commercial IoT market, geographies and use cases, and highlights leaders and laggards in each segment. The bench...


86-Percent-of-PHP-Based-Applications-Contain-at-Least-One-Cross-Site-Scripting-Vulnerability

86 Percent of PHP Based Applications Contain at Least One Cross-Site Scripting Vulnerability


Tuesday, December 8, 2015 by

Veracode is reporting that its analytics show 86 percent of PHP-based applications contain at least one Cross-Site Scripting (XSS) vulnerability and 56 percent have at least one SQL injection (SQLi) when initially assessed by Veracode. The analysis is part of a supplement to Veracode’s “2015 State of Software Security: Focus on Application Development”, which is a repor...


New-Report-Highlights-Wide-Ranging-Cybersecurity-Challenges

New Report Highlights Wide Ranging Cybersecurity Challenges


Wednesday, September 2, 2015 by

Cybersecurity Ventures has released its Cybersecurity Market Report for Q3 2015 which provides an overview of software development and application security trends, statistics, best practices, and resources. Highlights of the report include:- “The SANS Institute 2015 State of Application Security Report” states that many information security engineers don’t understa...


Android-App-Developers-Need-to-Check-Their-Apps-for-Heartbleed-Vulnerability-

Android App Developers Need to Check Their Apps for Heartbleed Vulnerability


Thursday, April 24, 2014 by

A report from FireEye, a company that provides a virtual machine-based software security platform protecting companies against cyber attacks, has found that 150 million downloads of Android apps contain OpenSSL libraries vulnerable to Heartbleed.Heartbleed allows attackers to steal sensitive information from vulnerable websites by sending crafted SSL heartbeat mess...


co