vulnerability

vulnerability news search results

Developer news items we found relating to vulnerability

35 results

How DevOps will change in 2021


Saturday, January 9, 2021 by

DevOps will become much more security-aware. We’ll see greater attention paid to the newly expanded surface area created in the practice of DevOps and how to proactively protect against vulnerabilities in DevOps. How DevOps will change in 2021 and the Impact from it First, IT Ops and DevOps teams will need to reorient their processes to one that unifies...



Trump and Biden app vulnerabilities raise concern


Thursday, October 22, 2020 by

With election season upon us, the US population is being inundated by candidate and proposition propaganda from a variety of sources – including television, the US mail, and mobile device apps. As annoying as this flood of information is at times, it’s important to understand that when it comes to these popular apps, and in fact all apps, if certain security...



GitLab acquires Peach Tech and Fuzzit


Friday, June 12, 2020 by

GitLab announced it has acquired Peach Tech and Fuzzit. These acquisitions will add fully-mature testing solutions including protocol fuzzing, API fuzzing, DAST API testing, and coverage-guided fuzz testing. This makes GitLab’s DevSecOps offering the first security solution to offer both coverage-guided and behavioral fuzz testing techniques as well as the fi...



CircleCI updates platform to enhance speed and efficiency


Wednesday, May 27, 2020 by

CircleCI announced updates to its continuous integration and continuous delivery platform that will help developers build, test and deploy code faster and with ease. The updates include an enhanced web user interface, new insights capabilities, and upgrades to convenience images, CircleCI’s fleet of pre-packaged Docker images. These additions come on the heels ...



Docker and Snyk partner to deliver container vulnerability scanning


Wednesday, May 20, 2020 by

Docker has partnered with Snyk to deliver native vulnerability scanning of container images in Docker. Together, Docker and Snyk will provide a streamlined workflow that makes the application development process more secure for millions of developers, allowing them to more quickly and confidently build secure applications as an automated part of their toolchain. ...


Fourth annual DevSecOps survey from GitLab


Monday, May 18, 2020 by

GitLab released the results of its fourth annual DevSecOps survey uncovering how roles across software development teams have changed as more teams adopt DevOps. The survey of over 3,650 respondents from 21 countries worldwide found that rising rates of DevOps adoption and implementation of new tools have led to sweeping changes in job functions, tool choices and or...



How gamifying security improves cooperation with developers


Monday, May 11, 2020 by

Scaling security across development challenges the most seasoned professionals. Regardless of company size or industry, risks can no longer be comfortably managed across an organization as a centralized function. Security leaders need people in other departments to understand risks and help their teams remediate and reduce them for security to be successful. Last month,...



New features from WSO2 API Manager


Friday, April 10, 2020 by

APIs are the core building blocks of digital businesses—assembling data, events and services from within the organization, throughout ecosystems, and across devices. This is driving demands to maximize adoption and reuse across internal and external portals and API marketplaces; ensure API security; and support modern architectures, including containers, microserv...



Container runtime scanning open source software launched by Portshift


Thursday, March 26, 2020 by

Portshift introduced Kubei Open Source container scanning software. Kubei is a unique open source Kubernetes runtime images scanning solution, presented to invite developer collaboration for the hardening of runtime environments. Kubei identifies which pods were built from vulnerable images or contain newly discovered vulnerabilities, then it couples the Kubernetes info...



Brainly appoints new Chief Product Officer


Tuesday, January 28, 2020 by

Brainly recently appointed Rajesh Bysani as its new Chief Product Officer (CPO). While Brainly has succeeded at establishing itself as one of the United States’ leading digital education resources, last school year the platform achieved a major landmark in its global growth: it now reaches 15 million monthly users in the U.S., which means that 20% or one-fifth ...



How cloud computing is changing the developer world


Thursday, January 2, 2020 by

Cloud computing is continuing to change the way the world builds and interacts with technology, and the developers that make that possible are under more pressure than ever to keep innovating and pushing boundaries. With the launch of the latest version of its Cloud Pak for Data, IBM is helping them do just that, all while prioritizing what matters most: data privacy an...



StrandHogg Android vulnerability identified


Thursday, December 5, 2019 by

Promon, a Norwegian app security company, has identified tangible evidence of a dangerous Android vulnerability that allows malware to pose as any legitimate app, granting hackers access to private SMS’ and photos, steal victims’ log-in credentials, track movements, make and/or record phone conversations, and spy through a phone’s camera and microphone...



Evolve VM showcasing at Microsoft Ignite


Thursday, November 7, 2019 by

Adaptiva announced that it will showcase Evolve VM at Microsoft Ignite. This groundbreaking, complete vulnerability life cycle product automatically assesses endpoints for thousands of vulnerability, compliance, and health issues and instantly remediates them as soon as they are detected. Utilizing NIST's National Vulnerability Database and National Checklist Progra...



Build applications at speed with Cohesity Agile Dev


Thursday, September 12, 2019 by

Cohesity has announced the launch of Cohesity Agile Dev and Test, a new solution that addresses key bottlenecks organizations face in building applications at speed. It moves away from the request-fulfill model where developers request access to production-grade data and wait sometimes weeks for IT operations teams to provide the data needed to build...


Zeroday vulnerability announced by McAfee at Defcon


Monday, August 19, 2019 by

At DEFCON, McAfee has announced the discovery of a zero-day vulnerability in a commonly used Delta industrial control system. The vulnerability found in the Delta enteliBUS Manager could allow malicious actors complete control of the operating system, enabling remote manipulation of access control systems, boiler rooms, temperature control for critical systems and mo...



Testing software updates with production traffic


Thursday, July 18, 2019 by

Test and development cycles have significantly changed under the DevOps model. To remain competitive, software developers must continually release new application features. They’re sometimes pushing out code updates as fast as they are writing them. This is a significant change from how software and dev teams traditionally operated. It used to be that teams could ...



New intelligence suite aims to help tackle problems with growing IT


Friday, July 12, 2019 by

Snow Software announced a new suite of offerings to better empower customers to address their growing IT operations, cloud shift and digital transformation challenges. This new set of offerings is aligned to strategic business outcomes, providing customers with product choices that will better meet their unique needs now and in the future. “The market has evolv...



WordPress plugin vulnerabilities are a hackers playground


Wednesday, April 10, 2019 by

What do TechCrunch, BBC America, PlayStation and MTV News all have in common? Each of their websites is powered by WordPress. Over 74.6 million, or roughly 30 percent, of the world’s websites, depend on WordPress to power their online platforms. Every second there are over six new WordPress.com posts and over 47,000 plugins, with the number growing daily. Wh...



Making things easy for the developer is ActiveState's mission


Tuesday, April 2, 2019 by

ActiveState added enhancements to its ActiveState Platform, a SaaS offering, benefiting contributors, maintainers and users facing challenges with Python and other open source languages. The new features will give ActiveState Platform account holders the flexibility to fork an existing language distribution and install it into a virtual environment. Developers elimin...



CommunityBridge gives better visibility into open source code


Monday, March 18, 2019 by

The Linux Foundation has launched CommunityBridge, a platform that aims to empower developers and the individuals and organizations who support them, to advance sustainability, security, and diversity in open source technology. With the help of source{d}, the Linux Foundation will be able to provide the Open Source community with greater visibility into each projec...



Software engineer happiness matters


Tuesday, February 19, 2019 by

In the never-ending quest for greater developer productivity, security and compliance usually seem like monkey wrenches in the machinery. These aspects of development are essential, but they can slow down the flow of work and frustrate developers. Security and compliance dog the whole software development process, from the too-often-forgotten build engineering team, ...



Mesh networking security from NeuVector at IBM Think 2019


Thursday, February 14, 2019 by

NeuVector announced a new platform integration with the Istio and Linkerd2 service meshes that expands NeuVector’s security capabilities for production Kubernetes deployments. The integration - developed in coordination with IBM Cloud and the Istio open source development team - delivers new capabilities for network visibility and threat detection, even for connec...



What does the Kubernetes privilege escalation flaw mean


Tuesday, December 4, 2018 by

Bringing together powerful applications into containerized services that are open source can have its drawbacks, as recently discovered when Red Hat issued a critical Security Advisory and patches for CVE-2018-1002105, a privilege escalation flaw impacting Kubernetes. Sumo Logic CSO, George Gerchow weighs in: "The Kubernetes vulnerability is a huge deal, even...



AI for cybersecurity


Tuesday, November 27, 2018 by

As organizations struggle to deal with the growing sophistication of hackers and the influx in data breaches, it's becoming clear that AI could be a critical tool for automatically defending applications from cyber attacks - but there are challenges to overcome. Ivan Novikov, the CEO of AI security company Wallarm, offers some insight below on how AI can be utilized...



Single Page Application security help


Tuesday, October 23, 2018 by

Single-page applications, or SPAs, are web apps that load a single HTML page and dynamically update that page as the user interacts with the app. Their origins are unclear but the concept was discussed as early as 2003 according to the archives on Wiki. SPAs use AJAX and HTML5 to create fluid and responsive Web apps, without constant page reloads - that literally means,...



GitHub Actions and other announcements from GitHub Universe


Wednesday, October 17, 2018 by

GitHub, the company soon to be acquired by Microsoft, has always been known for its source code repository capabilities for developers. But why just store the code on a platform when you can run it too? At its annual developer conference, GitHub Universe, the company announced Actions, which is essentially a way to help automate your development workflows. Actions use...



National Coding Week is here


Monday, September 17, 2018 by

National Coding Week is upon us. That's why we thought it would be great to compile some quotes from industry experts to talk about what they think is most important about learning how to code - a question seen through many different lenses. “Today, software drives business. So, if an organization wants to excel, it needs to become a software-powered jugg...



Code security gamification company nabs $3.5M in funding


Friday, September 14, 2018 by

Secure application development platform provider Secure Code Warrior announced that it has gained US $3.5 million in funding from two strategic venture capital firms. The financing was led by Washington DC-based Paladin Capital Group, with participation from Sydney-based AirTree Ventures. The initial funding round will allow the company to further expand its rapidly gro...



Open Source security comes to GitHub


Thursday, August 16, 2018 by

Sonatype announced Sonatype DepShield, a new GitHub application that enables developers to experience basic open source security governance, free of charge. Powered by Sonatype’s OSS Index, DepShield integrates directly into GitHub repositories and allows developers to easily identify and avoid using open source components with known vulnerabilities. “The...



Key takeaways from CA Technologies Built to Change Summit 2018


Friday, June 8, 2018 by

CA Technologies’ 2nd annual Built to Change Summit (BTC) led to the release of a whole bunch of exciting new technology and research projects pertaining to DevOps, GDPR regulations, Agile project management, and more. The overall theme of the event was to make their development platforms “frictionless” for their users, allowing them to create and...



FTP vulnerabilities and what you can do


Thursday, May 24, 2018 by

File Transfer Protocol, or FTP for short, is old, and when I say old - I mean 1971 old when it was initially published as RFC 114. It defines a way clients can transfer files to a server. Typically gated with a password and either sent clear text, or over SSL/TLS/SFTP, it’s a rock solid way to get files sent to their destination and is widely supported. But in today’s w...



ZipperDown vulnerability puts thousands of iOS apps at risk


Tuesday, May 22, 2018 by

ZipperDown vulnerability has put at risk potentially thousands of iOS apps on the market. Pangu Lab recently found that a vulnerability previously discovered in OAuth security is now being exploited by hackers to run malicious code on iOS applications. Casey Ellis, CTO of Bugcrowd, recently spoke on the matter, giving an in-depth technical overview of ZipperDown to deve...



What some experts are saying about GDPR


Friday, May 18, 2018 by

The GDPR bill is causing an uproar in the industry as the compliance date comes ever nearer. Yet few can say they actually know much about the bill that will come into place on May 25th. GDPR, or the General Data Protection Regulation, is an expansion upon the EU’s previous Data Protection Act of 1998, extending the boundary of its territorial mandate from whatever juris...



npm@6 package manager brings new security features


Wednesday, April 25, 2018 by

npm, Inc. has announced npm@6, a major update to its JavaScript software installer tool with new security features for developers who work with open source code. npm@6 will be included as part of the Node.js v10.x release line, and leverages the assets of the Node Security Platform, the definitive source of JavaScript vulnerabilities, recently acquired by npm, Inc. In an...



Why developers run away from security updates


Monday, April 16, 2018 by

Veracode, Inc. has released new data that shines a light on the discrepancy between component security and hygiene. According to the research conducted with Vanson Bourne, only 52 percent of developers using commercial or open source components in their applications update those components when a new security vulnerability is announced. This highlights organizations’ la...