software security

software security news search results

Developer news items we found relating to software security

29 results
Your-tech-job-just-laid-you-off.-Now-what

Your tech job just laid you off. Now what


Wednesday, June 10, 2020 by

Between March 11th and May 31st more than 600 startups have let nearly 60,000 employees go, according to Layoffs.fyi. If you’re among those, my sincere condolences. This guide should help you avoid some common pitfalls and help you get back on your feet as quickly as possible. If you’re still employed, now is a good time to get a game-plan together for wh...


FTC-cracks-down-on-stalking-apps

FTC cracks down on stalking apps


Thursday, October 24, 2019 by

The Federal Trade Commission has barred the developers of three “stalking” apps from selling apps that monitor consumers’ mobile devices unless they take certain steps to ensure the apps will only be used for legitimate purposes. The settlement resolves allegations that these apps compromised the privacy and security of the consumer devices on which th...


New-IoT-WiFi-and-BLE-module-operates-for-years-on-a-single-AA-battery

New IoT WiFi and BLE module operates for years on a single AA battery


Tuesday, February 26, 2019 by

Telit announced the availability of its latest module, the WL865E4-P. The low-power Wi-Fi Bluetooth Low Energy (BLE) combination module is based on the Qualcomm QCA4020 system-on-chip (SoC) and is designed for high-bandwidth applications such as health care, video, smart home, and industrial control. Featuring integrated cryptology hardware, the WL865E4-P enables IoT de...


UN-commission-sets-cyber-security-regulations-for-Europe

UN commission sets cyber security regulations for Europe


Wednesday, January 9, 2019 by

The United Nations Economic Commission for Europe (UNECE) has confirmed it will integrate the widely used ISA/IEC 62443 series of standards into its forthcoming Common Regulatory Framework on Cybersecurity (CRF). The CRF will serve as an official UN policy position statement for Europe. At its recent annual meeting in Geneva, UNECE’s Working Party on Regulatory...


Independent-Games-Festival-finalists-and-ceremony-at-GDC-2019

Independent Games Festival finalists and ceremony at GDC 2019


Friday, January 4, 2019 by

The Independent Games Festival (IGF) has revealed the finalists for its 21st annual awards ceremony. The IGF Awards will take place March 20th, 2019 at 6.30pm PT during the Game Developers Conference 2019, and will be hosted by Meg Jayanth, the award-winning writer of 80 Days, the acclaimed globetrotting interactive storytelling game and former IGF Award winner for Exce...


Transforming-industries-with-photoenabled-apps

Transforming industries with photoenabled apps


Monday, December 24, 2018 by

They say a picture’s worth a thousand words, which is probably why there are thousands of mobile apps designed to help users capture, send and discover images of what’s important to them. Ever since the first smartphone slid off the assembly line, photos have been an essential feature of mobile marketing and social media. But while consumer-facing tools have...


Cloud-technology-survey-reveals-a-hybrid-cloud-future

Cloud technology survey reveals a hybrid cloud future


Sunday, December 23, 2018 by

LogicMonitor, a hybrid cloud SaaS-based performance monitoring platform for Enterprise IT, has polled 135 cloud professionals at AWS re:Invent to explore how companies are managing their workloads in the data center and in the cloud. The survey shows more than half of respondents are engaging with multiple public cloud platforms and that 11 percent have hybrid workloads...


Gamification-can-transform-your-software-security-program

Gamification can transform your software security program


Tuesday, December 18, 2018 by

No matter the organization, or indeed their individual circumstances, there is one problem I have identified time and time again over the course of my career: AppSec managers, CISOs, CIOs and cybersecurity experts all over the world are rarely able to positively engage their dev teams on security best practice and training. It’s a source of conflict between teams,...


Code-security-gamification-company-nabs-$3.5M-in-funding

Code security gamification company nabs $3.5M in funding


Friday, September 14, 2018 by

Secure application development platform provider Secure Code Warrior announced that it has gained US $3.5 million in funding from two strategic venture capital firms. The financing was led by Washington DC-based Paladin Capital Group, with participation from Sydney-based AirTree Ventures. The initial funding round will allow the company to further expand its rapidly gro...


ZipperDown-vulnerability-puts-thousands-of-iOS-apps-at-risk

ZipperDown vulnerability puts thousands of iOS apps at risk


Tuesday, May 22, 2018 by

ZipperDown vulnerability has put at risk potentially thousands of iOS apps on the market. Pangu Lab recently found that a vulnerability previously discovered in OAuth security is now being exploited by hackers to run malicious code on iOS applications. Casey Ellis, CTO of Bugcrowd, recently spoke on the matter, giving an in-depth technical overview of ZipperDown to deve...


npm@6-package-manager-brings-new-security-features

npm@6 package manager brings new security features


Wednesday, April 25, 2018 by

npm, Inc. has announced npm@6, a major update to its JavaScript software installer tool with new security features for developers who work with open source code. npm@6 will be included as part of the Node.js v10.x release line, and leverages the assets of the Node Security Platform, the definitive source of JavaScript vulnerabilities, recently acquired by npm, Inc.In an...


Why-developers-run-away-from-security-updates

Why developers run away from security updates


Monday, April 16, 2018 by

Veracode, Inc. has released new data that shines a light on the discrepancy between component security and hygiene. According to the research conducted with Vanson Bourne, only 52 percent of developers using commercial or open source components in their applications update those components when a new security vulnerability is announced. This highlights organizations’ la...


Pulse-Secure-expands-to-support-hybrid-IT-with-secure-access

Pulse Secure expands to support hybrid IT with secure access


Monday, April 16, 2018 by

Pulse Secure has announced new cloud and virtual appliances to protect access and support applications in hybrid IT environments. Enterprises are quickly moving to deploy hybrid IT, leveraging the cloud to introduce new user services and gain disaster recovery resiliency, as well as continuing to use the data center when they must have total control of the application. ...


NodeSource-announces-N|Solid-3.1

NodeSource announces N|Solid 3.1


Wednesday, April 4, 2018 by

NodeSource has announced the availability of N|Solid 3.1, a Node.js platform developed to help users build, manage, secure and analyze Node.js applications. N|Solid 3.1 features a powerful new debugging tool to help identify memory leaks, improved customization opportunities, and the ability to accommodate a larger variety of customer networks and configurations.N|Solid...


A-Blockchain-messaging-platform-that

A Blockchain messaging platform that's unstoppable


Tuesday, April 3, 2018 by

Today’s instant messaging is about to get a violent shove forward by way of encryption, and Blockchain. Almost all messaging platforms rely on client to server communication, where a unique ID is given to a thread, and stored in a centralized database somewhere. But it’s always been volatile to censorship, network blocking, or any other form of controlled policing....


Forrester-recognizes-Prevoty-for-it

Forrester recognizes Prevoty for it's RASP


Monday, April 2, 2018 by

Prevoty is cited as the leader of runtime application self-protection (RASP) technologies in The Forrester New Wave: Runtime Application Self-Protection, Q1 2018, released recently. Analysts from the influential research and advisory firm evaluated the eight most significant RASP vendors, interviewed customers, received demonstrations, and measured each solution against...


New-software-security-guide-from-SAFECode-publishes

New software security guide from SAFECode publishes


Monday, April 2, 2018 by

The Software Assurance Forum for Excellence in Code (SAFECode) announced the publication of the Fundamental Practices for Secure Software Development: Essential Elements of a Secure Development Life Cycle Program (Third Edition).The guide was written by SAFECode members to help software developers, development organizations and technology users initiate or improve their...


Cloud-Foundry-Summit-North-America-2018-details

Cloud Foundry Summit North America 2018 details


Friday, February 2, 2018 by

Cloud Foundry Foundation has announced the initial schedule, including keynote speakers, for the North American Cloud Foundry Summit, April 18-20, 2018 at the Boston Convention Center. With standard pricing ending February 9, registration will increase $200 to $845.The North American Cloud Foundry Summit keynote line-up includes:Matt Curry, Director, Director of Cloud E...


Enterprises-need-a-software-security-program

Enterprises need a software security program


Tuesday, January 30, 2018 by

The answer to the “why” enterprises need a software security program question is pretty straightforward. There are no circumstances under which any but the smallest firms can expect a collection of independent activities - a pen test here, an hour of training there, some free tools that may or may not work as advertised - will consistently result in appropriately secure...


DevSecOps-is-important-and-here-is-why

DevSecOps is important and here is why


Friday, October 20, 2017 by

In the digital age, securing your development projects against malicious hackers can be quite the challenge. And when you take security and try to scale security to an enterprise, the challenge seems insurmountable. Evident by the frequent hacking incidents we see come through the news.Enter DevSecOps. DevSecOps is a methodology that interweaves the aspects of DevOps an...


Veracode-announced-two-new-key-integrations

Veracode announced two new key integrations


Friday, August 11, 2017 by

Veracode, a software security company acquired by CA Technologies, has announced the Veracode HPE Application Lifecycle Manager (ALM) Flaw Synchronizer Plug-in, which empowers development and QA/release engineers to fix security vulnerabilities early in the Software Development Lifecycle (SDLC). The company also announced an enhanced integration to the Veracode Applicat...


With-DevOps-security-must-work-differently

With DevOps security must work differently


Tuesday, June 27, 2017 by

Because “software is eating the world,” as Mark Andreessen famously noted, application security gets harder every day; every line of code written opens organizations to new vulnerabilities and breaches. Furthermore, legacy solutions, such as static analysis, dynamic analysis and web application firewalls have failed to keep pace with Agile and DevOps practices. Teams ne...


What-works-best-with-IoT-devices:-hardware-vs-software-presentation

What works best with IoT devices: hardware vs software presentation


Thursday, March 2, 2017 by

Icon Labs, a provider of security solutions for IoT and edge devices, has announced Icon Labs President Alan Grau has been selected to present at Embedded World Show Europe. Alan’s presentation will provide engineers, product managers and executives with an overview of the available security technologies for the IoT and IIoT, and a framework to start building secur...


The-use-of-vulnerable-open-source-components-putting-more-software-at-risk

The use of vulnerable open source components putting more software at risk


Tuesday, October 18, 2016 by

Veracode has released the findings in its annual State of Software Security Report (SoSS). The seventh edition of the report presents metrics drawn from code-level analysis of billions of lines of code across 300,000 assessments performed over the last 18 months. The report revealed that the continued and persistent use of components in software development is creating ...


Mobeewave-Tells-Us-About-the-Challenges-With-Mobile-Wallets

Mobeewave Tells Us About the Challenges With Mobile Wallets


Monday, September 26, 2016 by

Mobeewave is a Montreal-based FinTech company that has developed a patented technology that will enable banks around the world to capitalize on the market for cash-in-hand transactions. Their game-changing payment acceptance platform facilitates in-person, proximity mobile payments and is available as a white label platform-as-a-service (PaaS) technology for the banking...


Commercial-IoT-Revenue-on-the-Rise

Commercial IoT Revenue on the Rise


Friday, May 20, 2016 by

The Technology Business Research 4Q15 Commercial IoT Benchmark shows that total commercial IoT revenue among 21 benchmarked companies grew 14.8% year-to-year in 4Q15, reaching $6.7 billion.TBR’s Commercial IoT Benchmark examines the trends and revenues in the commercial IoT market, geographies and use cases, and highlights leaders and laggards in each segment. The bench...


86-Percent-of-PHP-Based-Applications-Contain-at-Least-One-CrossSite-Scripting-Vulnerability

86 Percent of PHP Based Applications Contain at Least One CrossSite Scripting Vulnerability


Tuesday, December 8, 2015 by

Veracode is reporting that its analytics show 86 percent of PHP-based applications contain at least one Cross-Site Scripting (XSS) vulnerability and 56 percent have at least one SQL injection (SQLi) when initially assessed by Veracode. The analysis is part of a supplement to Veracode’s “2015 State of Software Security: Focus on Application Development”, which is a repor...


New-Report-Highlights-Wide-Ranging-Cybersecurity-Challenges

New Report Highlights Wide Ranging Cybersecurity Challenges


Wednesday, September 2, 2015 by

Cybersecurity Ventures has released its Cybersecurity Market Report for Q3 2015 which provides an overview of software development and application security trends, statistics, best practices, and resources. Highlights of the report include:- “The SANS Institute 2015 State of Application Security Report” states that many information security engineers don’t understa...


Android-App-Developers-Need-to-Check-Their-Apps-for-Heartbleed-Vulnerability-

Android App Developers Need to Check Their Apps for Heartbleed Vulnerability


Thursday, April 24, 2014 by

A report from FireEye, a company that provides a virtual machine-based software security platform protecting companies against cyber attacks, has found that 150 million downloads of Android apps contain OpenSSL libraries vulnerable to Heartbleed.Heartbleed allows attackers to steal sensitive information from vulnerable websites by sending crafted SSL heartbeat mess...