vulnerability

vulnerability news search results

Developer news items we found relating to vulnerability

35 results
Container-runtime-scanning-open-source-software-launched-by-Portshift

Container runtime scanning open source software launched by Portshift


Thursday, March 26, 2020 by

Portshift introduced Kubei Open Source container scanning software. Kubei is a unique open source Kubernetes runtime images scanning solution, presented to invite developer collaboration for the hardening of runtime environments. Kubei identifies which pods were built from vulnerable images or contain newly discovered vulnerabilities, then it couples the Kubernetes info...


Brainly-appoints-new-Chief-Product-Officer

Brainly appoints new Chief Product Officer


Tuesday, January 28, 2020 by

Brainly recently appointed Rajesh Bysani as its new Chief Product Officer (CPO). While Brainly has succeeded at establishing itself as one of the United States’ leading digital education resources, last school year the platform achieved a major landmark in its global growth: it now reaches 15 million monthly users in the U.S., which means that 20% or one-fifth ...


How-cloud-computing-is-changing-the-developer-world

How cloud computing is changing the developer world


Thursday, January 2, 2020 by

Cloud computing is continuing to change the way the world builds and interacts with technology, and the developers that make that possible are under more pressure than ever to keep innovating and pushing boundaries. With the launch of the latest version of its Cloud Pak for Data, IBM is helping them do just that, all while prioritizing what matters most: data privacy an...


StrandHogg-Android-vulnerability-identified

StrandHogg Android vulnerability identified


Thursday, December 5, 2019 by

Promon, a Norwegian app security company, has identified tangible evidence of a dangerous Android vulnerability that allows malware to pose as any legitimate app, granting hackers access to private SMS’ and photos, steal victims’ log-in credentials, track movements, make and/or record phone conversations, and spy through a phone’s camera and microphone...


Evolve-VM-showcasing-at-Microsoft-Ignite

Evolve VM showcasing at Microsoft Ignite


Thursday, November 7, 2019 by

Adaptiva announced that it will showcase Evolve VM at Microsoft Ignite. This groundbreaking, complete vulnerability life cycle product automatically assesses endpoints for thousands of vulnerability, compliance, and health issues and instantly remediates them as soon as they are detected. Utilizing NIST's National Vulnerability Database and National Checklist Progra...


Build-applications-at-speed-with-Cohesity-Agile-Dev

Build applications at speed with Cohesity Agile Dev


Thursday, September 12, 2019 by

Cohesity has announced the launch of Cohesity Agile Dev and Test, a new solution that addresses key bottlenecks organizations face in building applications at speed. It moves away from the request-fulfill model where developers request access to production-grade data and wait sometimes weeks for IT operations teams to provide the data needed to build...


Zeroday-vulnerability-announced-byMcAfee-at-Defcon

Zeroday vulnerability announced byMcAfee at Defcon


Monday, August 19, 2019 by

At DEFCON, McAfee has announced the discovery of a zero-day vulnerability in a commonly used Delta industrial control system. The vulnerability found in the Delta enteliBUS Manager could allow malicious actors complete control of the operating system, enabling remote manipulation of access control systems, boiler rooms, temperature control for critical systems and mo...


Testing-software-updates-with-production-traffic

Testing software updates with production traffic


Thursday, July 18, 2019 by

Test and development cycles have significantly changed under the DevOps model. To remain competitive, software developers must continually release new application features. They’re sometimes pushing out code updates as fast as they are writing them. This is a significant change from how software and dev teams traditionally operated. It used to be that teams could ...


New-intelligence-suite-aims-to-help-tackle-problems-with-growing-IT

New intelligence suite aims to help tackle problems with growing IT


Friday, July 12, 2019 by

Snow Software announced a new suite of offerings to better empower customers to address their growing IT operations, cloud shift and digital transformation challenges. This new set of offerings is aligned to strategic business outcomes, providing customers with product choices that will better meet their unique needs now and in the future. “The market has evolv...


WordPress-plugin-vulnerabilities-are-a-hackers-playground

WordPress plugin vulnerabilities are a hackers playground


Wednesday, April 10, 2019 by

What do TechCrunch, BBC America, PlayStation and MTV News all have in common? Each of their websites is powered by WordPress. Over 74.6 million, or roughly 30 percent, of the world’s websites, depend on WordPress to power their online platforms. Every second there are over six new WordPress.com posts and over 47,000 plugins, with the number growing daily. Wh...


Making-things-easy-for-the-developer-is-ActiveState

Making things easy for the developer is ActiveState's mission


Tuesday, April 2, 2019 by

ActiveState added enhancements to its ActiveState Platform, a SaaS offering, benefiting contributors, maintainers and users facing challenges with Python and other open source languages. The new features will give ActiveState Platform account holders the flexibility to fork an existing language distribution and install it into a virtual environment. Developers elimin...


CommunityBridge-gives-better-visibility-into-open-source-code

CommunityBridge gives better visibility into open source code


Monday, March 18, 2019 by

The Linux Foundation has launched CommunityBridge, a platform that aims to empower developers and the individuals and organizations who support them, to advance sustainability, security, and diversity in open source technology. With the help of source{d}, the Linux Foundation will be able to provide the Open Source community with greater visibility into each projec...


Software-engineer-happiness-matters

Software engineer happiness matters


Tuesday, February 19, 2019 by

In the never-ending quest for greater developer productivity, security and compliance usually seem like monkey wrenches in the machinery. These aspects of development are essential, but they can slow down the flow of work and frustrate developers. Security and compliance dog the whole software development process, from the too-often-forgotten build engineering team, ...


Mesh-networking-security-from-NeuVector-at-IBM-Think-2019

Mesh networking security from NeuVector at IBM Think 2019


Thursday, February 14, 2019 by

NeuVector announced a new platform integration with the Istio and Linkerd2 service meshes that expands NeuVector’s security capabilities for production Kubernetes deployments. The integration - developed in coordination with IBM Cloud and the Istio open source development team - delivers new capabilities for network visibility and threat detection, even for connec...


What-does-the-Kubernetes-privilege-escalation-flaw-mean

What does the Kubernetes privilege escalation flaw mean


Tuesday, December 4, 2018 by

Bringing together powerful applications into containerized services that are open source can have their drawbacks, as recently discovered by the RedHat issued a critical Security Advisory and patches for CVE-2018-1002105, a privilege escalation flaw impacting Kubernetes. Sumo Logic CSO, George Gerchow weighs in: "The Kubernetes vulnerability is a huge deal, even...


AI-for-cybersecurity-

AI for cybersecurity


Tuesday, November 27, 2018 by

As organizations struggle to deal with the growing sophistication of hackers and the influx in data breaches, it's becoming clear that AI could be a critical tool for automatically defending applications from cyber attacks - but there are challenges to overcome. Ivan Novikov, the CEO of AI security company Wallarm, offers some insight below on how AI can be utilized...


Single-Page-Application-security-help

Single Page Application security help


Tuesday, October 23, 2018 by

Single-page applications, or SPAs, are web apps that load a single HTML page and dynamically update that page as the user interacts with the app. Their origins are unclear but the concept was discussed as early as 2003 according to the archives on Wiki. SPAs use AJAX and HTML5 to create fluid and responsive Web apps, without constant page reloads - that literally means,...


GitHub-Actions-and-other-announcements-from-GitHub-Universe

GitHub Actions and other announcements from GitHub Universe


Wednesday, October 17, 2018 by

GitHub, the soon to be acquired by Microsoft company, has always been known for its source code repository capabilities for developers. But why just store the code on a platform when you can run it too?  At its annual developer conference, GitHub Universe, they announced Actions, which is essentially a way to help automate your development workflows. Actions use...


National-Coding-Week-is-here

National Coding Week is here


Monday, September 17, 2018 by

National Coding Week is upon us. That's why we thought it would be great to compile some quotes from industry experts to talk about what they think is most important about learning how to coding - a question seen through many different lenses. “Today, software drives business. So, if an organization wants to excel, it needs to become a software-powered jugg...


Code-security-gamification-company-nabs-$3.5M-in-funding

Code security gamification company nabs $3.5M in funding


Friday, September 14, 2018 by

Secure application development platform provider Secure Code Warrior announced that it has gained US $3.5 million in funding from two strategic venture capital firms. The financing was led by Washington DC-based Paladin Capital Group, with participation from Sydney-based AirTree Ventures. The initial funding round will allow the company to further expand its rapidly gro...


Open-Source-security-comes-to-GitHub

Open Source security comes to GitHub


Thursday, August 16, 2018 by

Sonatype announced Sonatype DepShield, a new GitHub application that enables developers to experience basic open source security governance, free of charge. Powered by Sonatype’s OSS Index, DepShield integrates directly into GitHub repositories and allows developers to easily identify and avoid using open source components with known vulnerabilities. “The...


Key-takeaways-from-CA-Technologies-Built-to-Change-Summit-2018

Key takeaways from CA Technologies Built to Change Summit 2018


Friday, June 8, 2018 by

The CA Technologies’ 2nd annual Built to Change Summit(BTC) lead to the release of a whole bunch of exciting new technology and research projects pertaining to DevOps, GDPR regulations, Agile project management, and more. The overall theme of the event being to make their development platforms “frictionless” for their users, allowing them to create and...


FTP-vulnerabilities-and-what-you-can-do

FTP vulnerabilities and what you can do


Thursday, May 24, 2018 by

File Transfer Protocol or (FTP) for short is old, and when I say old - I mean 1971 old when it was initially published as RFC 114. It defines a way clients can transfer files to a server. Typically gated with a password and either sent clear text, or over SSL/TLS/SFTP, it’s a rock solid way to get files sent to their destination and is widely supported. But in today’s w...


ZipperDown-vulnerability-puts-thousands-of-iOS-apps-at-risk

ZipperDown vulnerability puts thousands of iOS apps at risk


Tuesday, May 22, 2018 by

ZipperDown vulnerability has put at risk potentially thousands of iOS apps on the market. Pangu Lab recently found that a vulnerability previously discovered in OAuth security is now being exploited by hackers to run malicious code on iOS applications. Casey Ellis, CTO of Bugcrowd, recently spoke on the matter, giving an in-depth technical overview of ZipperDown to deve...


What-some-experts-are-saying-about-GDPR

What some experts are saying about GDPR


Friday, May 18, 2018 by

The GDPR bill is causing an uproar in the industry as the compliance date comes ever nearer. Yet few can say they actually know much about the bill that will come into place on May 25th.GDPR, or the General Data Protection Regulation, is an expansion upon the EU’s previous Data Protection Act of 1998, extending the boundary of its territorial mandate from whatever juris...


npm@6-package-manager-brings-new-security-features

npm@6 package manager brings new security features


Wednesday, April 25, 2018 by

npm, Inc. has announced npm@6, a major update to its JavaScript software installer tool with new security features for developers who work with open source code. npm@6 will be included as part of the Node.js v10.x release line, and leverages the assets of the Node Security Platform, the definitive source of JavaScript vulnerabilities, recently acquired by npm, Inc.In an...


Why-developers-run-away-from-security-updates

Why developers run away from security updates


Monday, April 16, 2018 by

Veracode, Inc. has released new data that shines a light on the discrepancy between component security and hygiene. According to the research conducted with Vanson Bourne, only 52 percent of developers using commercial or open source components in their applications update those components when a new security vulnerability is announced. This highlights organizations’ la...


Forrester-recognizes-Prevoty-for-it

Forrester recognizes Prevoty for it's RASP


Monday, April 2, 2018 by

Prevoty is cited as the leader of runtime application self-protection (RASP) technologies in The Forrester New Wave: Runtime Application Self-Protection, Q1 2018, released recently. Analysts from the influential research and advisory firm evaluated the eight most significant RASP vendors, interviewed customers, received demonstrations, and measured each solution against...


DigiCert-reaches-milestone-for-replacing-Symantec-certs

DigiCert reaches milestone for replacing Symantec certs


Tuesday, March 20, 2018 by

DigiCert Inc. announced a major milestone: less than 1 percent of the top 1 million sites have yet to replace Symantec-issued certificates affected by upcoming browser distrust action. Mozilla released figures from its latest telemetry report earlier this week showing 1 percent with certificates to be untrusted.For site owners still affected by beta releases of Firefox ...


Sonatype-expands-firewall-to-stop-dev-vulnerabilities

Sonatype expands firewall to stop dev vulnerabilities


Friday, March 9, 2018 by

Sonatype has announced that the Nexus Firewall is now available to support the more than 10 million developers currently using the open source version of Nexus Repository. Previously only available to commercial users of Nexus Repository Pro, the newest version of Nexus Firewall gives all Nexus Repo users the ability to automatically stop vulnerable open source componen...


BlackBerry-securing-IoT-devices-in-new-licensing-deal

BlackBerry securing IoT devices in new licensing deal


Thursday, March 8, 2018 by

BlackBerry Limited has announced it has signed a technology and brand licensing deal for “BlackBerry Secure” with Swiss consumer electronics maker, Punkt Tronics AG. The new agreement enables Punkt to bring to market a range of highly-secure products which will embed BlackBerry cybersecurity technology, be certified as BlackBerry Secure, and be shipped ready to safely a...


Creating-an-app-on-Blockchain-technology-using-JavaScript

Creating an app on Blockchain technology using JavaScript


Thursday, February 15, 2018 by

As Blockchain technology comes into its own, it is becoming increasingly important for software developers and programmers to acquaint themselves with the benefits which blockchain can provide the architects and users of digital platforms and applications.Lisk is an application platform whose Software Development Kit allows users to code in JavaScript to build Blockchai...


Enterprises-need-a-software-security-program

Enterprises need a software security program


Tuesday, January 30, 2018 by

The answer to the “why” enterprises need a software security program question is pretty straightforward. There are no circumstances under which any but the smallest firms can expect a collection of independent activities - a pen test here, an hour of training there, some free tools that may or may not work as advertised - will consistently result in appropriately secure...


Most-cryptocurrency-mobile-apps-are-vulnerable

Most cryptocurrency mobile apps are vulnerable


Thursday, November 30, 2017 by

Over 1,300 crypto currencies exist today with over $300 Billion market capitalization. One of the most popular and oldest cryptocurrency - Bitcoin has almost reached $10,000 price after several months of fluctuation, but continuous and steady growth.A wide spectrum of mobile applications for cryptocurrencies were released during the last few years by various startups, i...


Flexera-issues-warning-about-Cyberattacks

Flexera issues warning about Cyberattacks


Tuesday, October 24, 2017 by

As 143 million Equifax consumers continue to pick up the pieces from stolen Social Security numbers, birth dates, drivers’ licenses, addresses and credit card numbers, Flexera has another warning - expect a long tail of incidents and breaches in the months and years to come.Flexera surveyed over 400 software suppliers, Internet of Things (IoT) manufacturers and in-house...