Container runtime scanning open source software launched by Portshift
Thursday, March 26, 2020 by Brittany Hainzinger
Portshift introduced Kubei Open Source container scanning software. Kubei is a unique open source Kubernetes runtime images scanning solution, presented to invite developer collaboration for the hardening of runtime environments. Kubei identifies which pods were built from vulnerable images or contain newly discovered vulnerabilities, then it couples the Kubernetes info...
Brainly appoints new Chief Product Officer
Tuesday, January 28, 2020 by Brittany Hainzinger
Brainly recently appointed Rajesh Bysani as its new Chief Product Officer (CPO).
While Brainly has succeeded at establishing itself as one of the United States’ leading digital education resources, last school year the platform achieved a major landmark in its global growth: it now reaches 15 million monthly users in the U.S., which means that 20% or one-fifth ...
How cloud computing is changing the developer world
Thursday, January 2, 2020 by Richard Harris
Cloud computing is continuing to change the way the world builds and interacts with technology, and the developers that make that possible are under more pressure than ever to keep innovating and pushing boundaries. With the launch of the latest version of its Cloud Pak for Data, IBM is helping them do just that, all while prioritizing what matters most: data privacy an...
StrandHogg Android vulnerability identified
Thursday, December 5, 2019 by Freeman Lightner
Promon, a Norwegian app security company, has identified tangible evidence of a dangerous Android vulnerability that allows malware to pose as any legitimate app, granting hackers access to private SMS’ and photos, steal victims’ log-in credentials, track movements, make and/or record phone conversations, and spy through a phone’s camera and microphone...
Evolve VM showcasing at Microsoft Ignite
Thursday, November 7, 2019 by Brittany Hainzinger
Adaptiva announced that it will showcase Evolve VM at Microsoft Ignite. This groundbreaking, complete vulnerability life cycle product automatically assesses endpoints for thousands of vulnerability, compliance, and health issues and instantly remediates them as soon as they are detected. Utilizing NIST's National Vulnerability Database and National Checklist Progra...
Build applications at speed with Cohesity Agile Dev
Thursday, September 12, 2019 by Freeman Lightner
Cohesity has announced the launch of Cohesity Agile Dev and Test, a new solution that addresses key bottlenecks organizations face in building applications at speed. It moves away from the request-fulfill model where developers request access to production-grade data and wait sometimes weeks for IT operations teams to provide the data needed to build...
Zeroday vulnerability announced byMcAfee at Defcon
Monday, August 19, 2019 by Richard Harris
At DEFCON, McAfee has announced the discovery of a zero-day vulnerability in a commonly used Delta industrial control system.
The vulnerability found in the Delta enteliBUS Manager could allow malicious actors complete control of the operating system, enabling remote manipulation of access control systems, boiler rooms, temperature control for critical systems and mo...
Testing software updates with production traffic
Thursday, July 18, 2019 by Robert Ross
Test and development cycles have significantly changed under the DevOps model. To remain competitive, software developers must continually release new application features. They’re sometimes pushing out code updates as fast as they are writing them. This is a significant change from how software and dev teams traditionally operated. It used to be that teams could ...
New intelligence suite aims to help tackle problems with growing IT
Friday, July 12, 2019 by Brittany Hainzinger
Snow Software announced a new suite of offerings to better empower customers to address their growing IT operations, cloud shift and digital transformation challenges. This new set of offerings is aligned to strategic business outcomes, providing customers with product choices that will better meet their unique needs now and in the future.
“The market has evolv...
WordPress plugin vulnerabilities are a hackers playground
Wednesday, April 10, 2019 by Bryan Becker
What do TechCrunch, BBC America, PlayStation and MTV News all have in common?
Each of their websites is powered by WordPress.
Over 74.6 million, or roughly 30 percent, of the world’s websites, depend on WordPress to power their online platforms. Every second there are over six new WordPress.com posts and over 47,000 plugins, with the number growing daily. Wh...
Making things easy for the developer is ActiveState's mission
Tuesday, April 2, 2019 by Christian Hargrave
ActiveState added enhancements to its ActiveState Platform, a SaaS offering, benefiting contributors, maintainers and users facing challenges with Python and other open source languages.
The new features will give ActiveState Platform account holders the flexibility to fork an existing language distribution and install it into a virtual environment. Developers elimin...
CommunityBridge gives better visibility into open source code
Monday, March 18, 2019 by Christian Hargrave
The Linux Foundation has launched CommunityBridge, a platform that aims to empower developers and the individuals and organizations who support them, to advance sustainability, security, and diversity in open source technology. With the help of source{d}, the Linux Foundation will be able to provide the Open Source community with greater visibility into each projec...
Software engineer happiness matters
Tuesday, February 19, 2019 by Bart Copeland
In the never-ending quest for greater developer productivity, security and compliance usually seem like monkey wrenches in the machinery. These aspects of development are essential, but they can slow down the flow of work and frustrate developers.
Security and compliance dog the whole software development process, from the too-often-forgotten build engineering team, ...
Mesh networking security from NeuVector at IBM Think 2019
Thursday, February 14, 2019 by Richard Harris
NeuVector announced a new platform integration with the Istio and Linkerd2 service meshes that expands NeuVector’s security capabilities for production Kubernetes deployments. The integration - developed in coordination with IBM Cloud and the Istio open source development team - delivers new capabilities for network visibility and threat detection, even for connec...
What does the Kubernetes privilege escalation flaw mean
Tuesday, December 4, 2018 by Richard Harris
Bringing together powerful applications into containerized services that are open source can have their drawbacks, as recently discovered by the RedHat issued a critical Security Advisory and patches for CVE-2018-1002105, a privilege escalation flaw impacting Kubernetes.
Sumo Logic CSO, George Gerchow weighs in: "The Kubernetes vulnerability is a huge deal, even...
AI for cybersecurity
Tuesday, November 27, 2018 by Richard Harris
As organizations struggle to deal with the growing sophistication of hackers and the influx in data breaches, it's becoming clear that AI could be a critical tool for automatically defending applications from cyber attacks - but there are challenges to overcome. Ivan Novikov, the CEO of AI security company Wallarm, offers some insight below on how AI can be utilized...
Single Page Application security help
Tuesday, October 23, 2018 by Richard Harris
Single-page applications, or SPAs, are web apps that load a single HTML page and dynamically update that page as the user interacts with the app. Their origins are unclear but the concept was discussed as early as 2003 according to the archives on Wiki. SPAs use AJAX and HTML5 to create fluid and responsive Web apps, without constant page reloads - that literally means,...
GitHub Actions and other announcements from GitHub Universe
Wednesday, October 17, 2018 by Richard Harris
GitHub, the soon to be acquired by Microsoft company, has always been known for its source code repository capabilities for developers. But why just store the code on a platform when you can run it too?
At its annual developer conference, GitHub Universe, they announced Actions, which is essentially a way to help automate your development workflows. Actions use...
National Coding Week is here
Monday, September 17, 2018 by Richard Harris
National Coding Week is upon us. That's why we thought it would be great to compile some quotes from industry experts to talk about what they think is most important about learning how to coding - a question seen through many different lenses.
“Today, software drives business. So, if an organization wants to excel, it needs to become a software-powered jugg...
Code security gamification company nabs $3.5M in funding
Friday, September 14, 2018 by Christian Hargrave
Secure application development platform provider Secure Code Warrior announced that it has gained US $3.5 million in funding from two strategic venture capital firms. The financing was led by Washington DC-based Paladin Capital Group, with participation from Sydney-based AirTree Ventures. The initial funding round will allow the company to further expand its rapidly gro...
Open Source security comes to GitHub
Thursday, August 16, 2018 by Richard Harris
Sonatype announced Sonatype DepShield, a new GitHub application that enables developers to experience basic open source security governance, free of charge. Powered by Sonatype’s OSS Index, DepShield integrates directly into GitHub repositories and allows developers to easily identify and avoid using open source components with known vulnerabilities.
“The...
Key takeaways from CA Technologies Built to Change Summit 2018
Friday, June 8, 2018 by Christian Hargrave
The CA Technologies’ 2nd annual Built to Change Summit(BTC) lead to the release of a whole bunch of exciting new technology and research projects pertaining to DevOps, GDPR regulations, Agile project management, and more. The overall theme of the event being to make their development platforms “frictionless” for their users, allowing them to create and...
FTP vulnerabilities and what you can do
Thursday, May 24, 2018 by Richard Harris
File Transfer Protocol or (FTP) for short is old, and when I say old - I mean 1971 old when it was initially published as RFC 114. It defines a way clients can transfer files to a server. Typically gated with a password and either sent clear text, or over SSL/TLS/SFTP, it’s a rock solid way to get files sent to their destination and is widely supported. But in today’s w...
ZipperDown vulnerability puts thousands of iOS apps at risk
Tuesday, May 22, 2018 by Christian Hargrave
ZipperDown vulnerability has put at risk potentially thousands of iOS apps on the market. Pangu Lab recently found that a vulnerability previously discovered in OAuth security is now being exploited by hackers to run malicious code on iOS applications. Casey Ellis, CTO of Bugcrowd, recently spoke on the matter, giving an in-depth technical overview of ZipperDown to deve...
What some experts are saying about GDPR
Friday, May 18, 2018 by Christian Hargrave
The GDPR bill is causing an uproar in the industry as the compliance date comes ever nearer. Yet few can say they actually know much about the bill that will come into place on May 25th.GDPR, or the General Data Protection Regulation, is an expansion upon the EU’s previous Data Protection Act of 1998, extending the boundary of its territorial mandate from whatever juris...
npm@6 package manager brings new security features
Wednesday, April 25, 2018 by Christian Hargrave
npm, Inc. has announced npm@6, a major update to its JavaScript software installer tool with new security features for developers who work with open source code. npm@6 will be included as part of the Node.js v10.x release line, and leverages the assets of the Node Security Platform, the definitive source of JavaScript vulnerabilities, recently acquired by npm, Inc.In an...
Why developers run away from security updates
Monday, April 16, 2018 by Richard Harris
Veracode, Inc. has released new data that shines a light on the discrepancy between component security and hygiene. According to the research conducted with Vanson Bourne, only 52 percent of developers using commercial or open source components in their applications update those components when a new security vulnerability is announced. This highlights organizations’ la...
Forrester recognizes Prevoty for it's RASP
Monday, April 2, 2018 by Richard Harris
Prevoty is cited as the leader of runtime application self-protection (RASP) technologies in The Forrester New Wave: Runtime Application Self-Protection, Q1 2018, released recently. Analysts from the influential research and advisory firm evaluated the eight most significant RASP vendors, interviewed customers, received demonstrations, and measured each solution against...
DigiCert reaches milestone for replacing Symantec certs
Tuesday, March 20, 2018 by Christian Hargrave
DigiCert Inc. announced a major milestone: less than 1 percent of the top 1 million sites have yet to replace Symantec-issued certificates affected by upcoming browser distrust action. Mozilla released figures from its latest telemetry report earlier this week showing 1 percent with certificates to be untrusted.For site owners still affected by beta releases of Firefox ...
Sonatype expands firewall to stop dev vulnerabilities
Friday, March 9, 2018 by Christian Hargrave
Sonatype has announced that the Nexus Firewall is now available to support the more than 10 million developers currently using the open source version of Nexus Repository. Previously only available to commercial users of Nexus Repository Pro, the newest version of Nexus Firewall gives all Nexus Repo users the ability to automatically stop vulnerable open source componen...
BlackBerry securing IoT devices in new licensing deal
Thursday, March 8, 2018 by Christian Hargrave
BlackBerry Limited has announced it has signed a technology and brand licensing deal for “BlackBerry Secure” with Swiss consumer electronics maker, Punkt Tronics AG. The new agreement enables Punkt to bring to market a range of highly-secure products which will embed BlackBerry cybersecurity technology, be certified as BlackBerry Secure, and be shipped ready to safely a...
Creating an app on Blockchain technology using JavaScript
Thursday, February 15, 2018 by Richard Harris
As Blockchain technology comes into its own, it is becoming increasingly important for software developers and programmers to acquaint themselves with the benefits which blockchain can provide the architects and users of digital platforms and applications.Lisk is an application platform whose Software Development Kit allows users to code in JavaScript to build Blockchai...
Enterprises need a software security program
Tuesday, January 30, 2018 by Sammy Migues
The answer to the “why” enterprises need a software security program question is pretty straightforward. There are no circumstances under which any but the smallest firms can expect a collection of independent activities - a pen test here, an hour of training there, some free tools that may or may not work as advertised - will consistently result in appropriately secure...
Most cryptocurrency mobile apps are vulnerable
Thursday, November 30, 2017 by Christian Hargrave
Over 1,300 crypto currencies exist today with over $300 Billion market capitalization. One of the most popular and oldest cryptocurrency - Bitcoin has almost reached $10,000 price after several months of fluctuation, but continuous and steady growth.A wide spectrum of mobile applications for cryptocurrencies were released during the last few years by various startups, i...
Flexera issues warning about Cyberattacks
Tuesday, October 24, 2017 by Christian Hargrave
As 143 million Equifax consumers continue to pick up the pieces from stolen Social Security numbers, birth dates, drivers’ licenses, addresses and credit card numbers, Flexera has another warning - expect a long tail of incidents and breaches in the months and years to come.Flexera surveyed over 400 software suppliers, Internet of Things (IoT) manufacturers and in-house...
