Compliance automation will take center stage this year
Tuesday, May 4, 2021 by Richard Harris
According to most sources on the web, compliance automation uses artificial intelligence features and technology to make compliance procedures easier.
Progress Software CEO Yogesh Gupta says with smart companies turning to a compliance-as-code approach to keep infrastructure, apps, and end-user devices secure and com...
Six areas of focus for continuous security
Friday, April 16, 2021 by Jack Mannino
Applications are the heart of employee and user productivity. There are billions of applications each with a specific function and value and, unfortunately, they also provide one of the easiest openings for cyber criminals and hackers to gain access to critical IT infrastructure and information assets. While most IT security professionals implicitly understand the conce...
Improving security posture with static application security testing
Friday, February 12, 2021 by Tim Jarrett
Amid the worldwide pursuit of digital transformation, software has seen a meteoric rise, and application security has become paramount. As more companies become software-centric, they publish more applications, increasing the risk that vulnerable code will be released. To help reduce this risk, static application security testing (SAST) can help dev teams find and fix we...
Security and reliability become one for APIs in 2021
Tuesday, January 19, 2021 by Freeman Lightner
Reliability -- especially for APIs -- is growing because our reliance on APIs is growing, while at the same time how we develop software has changed. Modern software stacks are written as a collection of microservices, with each service written in a type-safe language that better guards against low-hanging vulnerabilities. However, it also makes reasoning about how...
How DevOps will change in 2021
Saturday, January 9, 2021 by Freeman Lightner
DevOps will become much more security-aware. We’ll see greater attention paid to the newly expanded surface area created in the practice of DevOps and how to proactively protect against vulnerabilities in DevOps.
How DevOps will change in 2021 and the Impact from it
First, IT Ops and DevOps teams will need to reorient their processes to one that unifies...
Continuous delivery will no longer be an acceptable excuse in 2021
Tuesday, January 5, 2021 by Brittany Hainzinger
2021 will see a shift from the speed of delivery of software and applications to prioritizing the quality of the digital experience. Continuous delivery will no longer be an acceptable excuse for low quality. The approach of "just release it, and if there are problems, we'll fix it in the next release" will be retired. In our digitally dependent world, users will no l...
5 mistakes businesses make in application development
Friday, October 23, 2020 by Mayur S Shah
5 Mistakes Businesses Make While Prioritizing Speed Over Security in Application Development
Earlier this year, the Democratic party in Iowa announced its plans to use a smartphone app to calculate and transmit their caucus results. One would think that by using technology to improve the speed of governance, what could possibly go wrong? A lot, apparently. The a...
Trump and Biden app vulnerabilities raise concern
Thursday, October 22, 2020 by Doug Dooley
With election season upon us, the US population is being inundated by candidate and proposition propaganda from a variety of sources – including television, the US mail, and mobile device apps. As annoying as this flood of information is at times, it’s important to understand that when it comes to these popular apps, and in fact all apps, if certain security...
HackNotice announces threat intelligence platform
Friday, September 18, 2020 by Brittany Hainzinger
HackNotice announced the launch of HackNotice Teams, a cybersecurity management platform powered by actionable threat intelligence and an industry solution to foster a company-wide culture of security. Built on HackNotice Premium’s technology, HackNotice Teams scours the dark web to alert employees of vulnerabilities, compromised information, and data breaches in ...
Being careful about 3rd party APIs
Monday, August 24, 2020 by Ameya Talwalkar
Over the past couple of years, we’ve seen a marked shift in the nature of API traffic from being largely driven by human actions to being increasingly machine-driven. While it used to take a human to click something on a website to trigger an API call and response, there are now sites and apps where upwards of 98% of total traffic is the result of bots -- some legiti...
GitLab acquires Peach Tech and Fuzzit
Friday, June 12, 2020 by Brittany Hainzinger
GitLab announced it has acquired Peach Tech and Fuzzit. These acquisitions will add fully-mature testing solutions including protocol fuzzing, API fuzzing, DAST API testing, and coverage-guided fuzz testing. This makes GitLab’s DevSecOps offering the first security solution to offer both coverage-guided and behavioral fuzz testing techniques as well as the fi...
Docker and Snyk partner to deliver container vulnerability scanning
Wednesday, May 20, 2020 by Brittany Hainzinger
Docker has partnered with Snyk to deliver native vulnerability scanning of container images in Docker. Together, Docker and Snyk will provide a streamlined workflow that makes the application development process more secure for millions of developers, allowing them to more quickly and confidently build secure applications as an automated part of their toolchain.
Fourth annual DevSecOps survey from GitLab
Monday, May 18, 2020 by Brittany Hainzinger
GitLab released the results of its fourth annual DevSecOps survey uncovering how roles across software development teams have changed as more teams adopt DevOps. The survey of over 3,650 respondents from 21 countries worldwide found that rising rates of DevOps adoption and implementation of new tools have led to sweeping changes in job functions, tool choices and or...
How gamifying security improves cooperation with developers
Monday, May 11, 2020 by Ante Gulam
Scaling security across development challenges the most seasoned professionals. Regardless of company size or industry, risks can no longer be comfortably managed across an organization as a centralized function. Security leaders need people in other departments to understand risks and help their teams remediate and reduce them for security to be successful. Last month,...
Improve DevOps processes with API catalog
Thursday, March 26, 2020 by Richard Harris
One of the biggest trends in DevOps is the “shift left” approach when it comes to security, so much so that security conferences now host developer days, developer conferences host security days, and the two have melded into DevSecOps. But pragmatically, how do you implement security earlier into your development cycles? According to CloudVector VP of Engine...
Container runtime scanning open source software launched by Portshift
Thursday, March 26, 2020 by Brittany Hainzinger
Portshift introduced Kubei Open Source container scanning software. Kubei is a unique open source Kubernetes runtime images scanning solution, presented to invite developer collaboration for the hardening of runtime environments. Kubei identifies which pods were built from vulnerable images or contain newly discovered vulnerabilities, then it couples the Kubernetes info...
MyPrivacy app has officially launched
Tuesday, March 3, 2020 by Brittany Hainzinger
MyPrivacy has officially launched. The breakthrough product, which was built to make privacy vulnerabilities easy to manage for the average user, is a one-stop app that offers a VPN, App Lock, Password Manager, Private Browser, Photo Vault, and Social Permissions Manager sharing a simple, user-friendly platform.
The app has already been downloaded over 300,000 times since ...
Iowa caucus app woes from a developer perspective
Friday, February 21, 2020 by Richard Harris
Whether the issues behind the Iowa Democratic Caucus app debacle were specific to UX, connectivity, traffic, or just good ol’ fashioned reluctance to embrace the technology, the ramifications of this mess will be felt for a long time – the hanging chad of the new decade. So are apps out? Absolutely not, but things are going to have to change.
Linux and LISH release census for open source security
Wednesday, February 19, 2020 by Brittany Hainzinger
The Linux Foundation’s Core Infrastructure Initiative (CII) and the Laboratory for Innovation Science at Harvard (LISH), announced the release of ‘Vulnerabilities in the Core,’ a Preliminary Report and Census II of Open Source Software.
This Census II analysis and report represent important steps towards understanding and addressing structural and s...
Dangers of quantum hacking
Tuesday, February 11, 2020 by Richard Harris
Active Cypher has built a password-hacking quantum computer to demonstrate the dangers of quantum hacking.
Using $600 worth of hardware parts easily purchased online or at a local electronics store, Active Cypher’s founder and CTO, Dan Gleason, created a portable quantum computer dubbed QUBY (named after qubits, the basic unit of quantum information). QUBY runs...
Microsoft DART team tracks 77k active web shells
Thursday, February 6, 2020 by Brittany Hainzinger
In a blog post promoting the capabilities of its commercial security platform, Microsoft said that on a daily basis the company's security team detects and tracks on average around 77,000 active web shells, spread across 46,000 infected servers.
According to ZDNet, these numbers are staggering, since the 77,000 figure is far larger than any previous reports about...
Best Practices for Kubernetes deployments from Portshift
Monday, January 27, 2020 by Richard Harris
Portshift presents five security best practices for DevOps and development professionals managing Kubernetes deployments. Integrating these security measures into the CI/CD pipeline will assist organizations in the detection and remediation of security issues earlier in the development process, allowing faster and shorter cycles while assuring safe and secure deployment...
Booz Allen introduces Modzy AI platform
Monday, November 11, 2019 by Freeman Lightner
Booz Allen combined its deep domain and technical expertise in complex AI engagements with leading AI software companies to introduce Modzy, an enterprise AI software product designed for rapid deployment, management, and governance of AI models at scale.
Modzy is an AI platform and marketplace with embedded security, adversarial defense, and governance to operationa...
Evolve VM showcasing at Microsoft Ignite
Thursday, November 7, 2019 by Brittany Hainzinger
Adaptiva announced that it will showcase Evolve VM at Microsoft Ignite. This groundbreaking, complete vulnerability life cycle product automatically assesses endpoints for thousands of vulnerability, compliance, and health issues and instantly remediates them as soon as they are detected. Utilizing NIST's National Vulnerability Database and National Checklist Progra...
IBM's z15 launches with Data Privacy Passports
Friday, September 13, 2019 by Freeman Lightner
Against a backdrop of global privacy breaches, with the cost of each security breach in the U.S. clocking in at an average of $8.2 million, IBM launched "z15", the enterprise platform that delivers the ability to fully manage the privacy of customer data across hybrid and multi-cloud environments.
As part of the launch, IBM is announcing Data Privacy Passports, ...
Zero-day vulnerability announced by McAfee at DEFCON
Monday, August 19, 2019 by Richard Harris
At DEFCON, McAfee has announced the discovery of a zero-day vulnerability in a commonly used Delta industrial control system.
The vulnerability found in the Delta enteliBUS Manager could allow malicious actors complete control of the operating system, enabling remote manipulation of access control systems, boiler rooms, temperature control for critical systems and mo...
Cloud computing security report 2019 is out from CSA
Thursday, August 8, 2019 by Richard Harris
The Cloud Security Alliance (CSA) defines standards, certifications, and best practices to help ensure a secure cloud computing environment. The CSA has released "Top Threats to Cloud Computing: The Egregious Eleven", a report which re-examines the risks inherent with cloud security and takes a new approach, examining the problems inherent in configu...
Warnings for aircraft cybersecurity
Thursday, August 1, 2019 by Brittany Hainzinger
The Department of Homeland Security issued a security alert for small planes, warning that modern flight systems are vulnerable to hacking if someone manages to gain physical access to the aircraft. Engine readings, compass data, altitude and other readings “could all be manipulated to provide false measurements to the pilot,” according to the DHS alert...
GitLab 12.0 released
Friday, June 28, 2019 by Christian Hargrave
GitLab is releasing 12.0 to help enterprises transform and accelerate DevOps adoption by bringing developers, operations professionals, and the security team together in the first single application for the entire DevSecOps lifecycle. With the 12.0 release, GitLab is building upon security features recently released - such as security dashboards, auto remediation and se...
Acronis gives developers early access to new cyber platform
Monday, April 29, 2019 by Brittany Hainzinger
Acronis announced the opening of its core platforms, enabling broad, third-party developer access to the Acronis Cyber Platform to encourage expanded functionality and application integrations while expanding their opportunities in Acronis’ large ecosystem.
The Acronis Cyber Platform, which is the foundation of the company’s existing services, features a ...
WordPress plugin vulnerabilities are a hacker's playground
Wednesday, April 10, 2019 by Bryan Becker
What do TechCrunch, BBC America, PlayStation and MTV News all have in common?
Each of their websites is powered by WordPress.
Over 74.6 million, or roughly 30 percent, of the world’s websites depend on WordPress to power their online platforms. Every second there are over six new WordPress.com posts and over 47,000 plugins, with the number growing daily. Wh...
API security testing just got easier with 42Crunch's new scanner
Thursday, March 21, 2019 by Richard Harris
42Crunch officially released the 42Crunch API Platform, an API security cloud platform to discover vulnerabilities in APIs and protect them from attack. The 42Crunch Platform can protect SaaS, Web, or IoT APIs, as well as microservices.
This follows the launch of the free API Contract Security Audit tool at APISecurity.io earlier this month. The tool helps API d...
Software engineer happiness matters
Tuesday, February 19, 2019 by Bart Copeland
In the never-ending quest for greater developer productivity, security and compliance usually seem like monkey wrenches in the machinery. These aspects of development are essential, but they can slow down the flow of work and frustrate developers.
Security and compliance dog the whole software development process, from the too-often-forgotten build engineering team, ...
Video-selfie authentication tool launches
Tuesday, February 19, 2019 by Richard Harris
Jumio announced the launch of Jumio Authentication, a new video-selfie authentication that uses biometrics for user authentication, that could be ideal for account logins and high-risk scenarios (e.g., logging in from a foreign IP address or authorizing high-risk transactions such as wire transfers and online purchases). Secure selfie authentication can also be use...
Why app analytics tools can get your app removed
Friday, February 8, 2019 by Richard Harris
Apple has recently started to crack down on developers that aren’t disclosing how they are capturing analytics from their users, as reported by TechCrunch and a few other sources. These analytics include everything from taps and swipes, to what screens users are on, length of time inside apps, and more. Some embedded SDKs developers use even record user sessio...