Veracode acquires Longbow Security
Thursday, April 18, 2024 by Freeman Lightner
Veracode announced the acquisition of Longbow Security, a security risk management platform for cloud-native environments. The acquisition marks the next exciting phase of Veracode, underscoring the company’s commitment to help organizations effectively manage and reduce application risk across the growing attack surface.
The integration of Longbow in...
Secure software development insights from The Linux Foundation
Monday, February 5, 2024 by Richard Harris
The Linux Foundation published a new report, Maintainer Perspectives on Open Source Software Security, based on a survey of OSS maintainers and core contributors, to understand perspectives on OSS security and the uptake and adoption of security best practices by maintainers, core contributors, end users, and other members of the OSS ecosystem.
Maintainer Perspective...
AI cybersecurity impacts according to NetLib Security
Monday, December 18, 2023 by Richard Harris
This is an easy call to make: NetLib Security predicts that Artificial Intelligence - Generative AI - will continue to heavily impact the world of cybersecurity, upping the game for defensive players, while giving cybercriminals more tools on the offensive side.
2023 was a year in which AI seemed suddenly to be everywhere. Although AI is not a new field, ChatGPT and ...
ASPM 2024 report from Cycode
Friday, December 15, 2023 by Richard Harris
Cycode announced the release of its inaugural State of ASPM 2024 report. The research found that AppSec chaos reigns, with 78% of CISOs responding that today’s AppSec attack surfaces are unmanageable and 90% of responders confirmed relationships between their security and development teams need to improve. Surprisingly, 77% of CISOs believe software supply ch...
AI app development assistant lands from NodeSource
Thursday, November 30, 2023 by Richard Harris
NodeSource, the Node.js observability, application management, monitoring, and security platform, announced the launch of the N|Solid Copilot, an AI assistant integrated into the Console of N|Solid Pro. Leveraging the N|Solid Pro platform to capture the most detailed telemetry for applications and paired with the company’s Node.js experts and OpenAI, the...
Q CTRL names Dave Kielpinski as Principal Quantum Control Scientist
Tuesday, May 16, 2023 by Brittany Hainzinger
Q-CTRL recently announced the addition of industry trailblazer Dave Kielpinski as Principal Quantum Control Scientist. Kielpinski has spent the last 25 years contributing to and leading research projects in uncharted territories of science. In 2002, he authored a foundational paper for quantum computing, which laid out the framework for the architecture of large-scale i...
Oxeye discovers vulnerability in HashiCorp Vault Project
Tuesday, April 25, 2023 by Freeman Lightner
Oxeye announced the discovery of a new vulnerability in the HashiCorp Vault Project that has now been patched. HashiCorp Vault is a popular identity-based secret and encryption management system used to control access to API encryption keys, passwords, and certificates. The vulnerability was automatically discovered and reported by the Oxeye Platform during a deployment...
SBOM mandate to improve cybersecurity in the US
Friday, March 17, 2023 by Freeman Lightner
The number of cyberattacks waged against government sectors worldwide increased by 95% in the second half of 2022 compared to the same time period in 2021. (1) The global cost of cyberattacks is expected to grow exponentially from $8.44 trillion in 2022 to $23.84 trillion by 2027. (2) To support the nation’s critical infrastructure and Federal Government networks,...
Open Bug Bounty has fixed 1 million vulnerabilities
Monday, November 7, 2022 by Brittany Hainzinger
Open Bug Bounty is an open, disintermediated, cost-free, and community-driven Bug Bounty platform for coordinated, responsible, and ISO 29147 compatible vulnerability disclosure. It passed the milestone on 27 October of fixing over 1,000,000 web security vulnerabilities.
The Open Bug Bounty project enables website owners to receive advice and support from&n...
DevOps predictions for 2022
Wednesday, January 19, 2022 by Richard Harris
Yoav Landman, Co-Founder, and CTO of JFrog created Artifactory after 7 years as a senior consultant with AlphaCSP. He has held several senior technical roles with Attunity, Verve, and Sausage. Yoav holds a Master of Computing degree from RMIT University and a BA in Law (LLB) from Haifa University.
Low-Code/No-Code, Metaverse, and DevOps predictions for 2022
Landma...
App security testing platform lands from Oxeye
Monday, January 3, 2022 by Freeman Lightner
Oxeye announced the company’s Cloud-Native Application Security Testing Platform (CNAST). The new platform identifies code vulnerabilities, open-source vulnerabilities, and secrets to highlight the most critical issues in the software development lifecycle, delivering clear guidance for fast and accurate remediation.
App security testing platform CNAST
Accor...
2021 Coding Week recap from industry experts
Monday, September 20, 2021 by Richard Harris
National Coding Week takes place during September 13 - September 19 and it is a great time to engage everyone into coding in a fun and easy way. According to an article from National Today, "92 percent of executives believe American workers are not as skilled as they need to be." National Coding Week is a perfect opportunity for improving your coding skills to...
Faster customer integrations from HackerOne
Thursday, July 29, 2021 by Freeman Lightner
Tray.io has announced that HackerOne is using Tray Embedded to develop and deliver powerful customer integrations at scale. With Tray Embedded, HackerOne quadrupled its integration delivery speed to maximize developer efficiency and reduce the integration maintenance burden. Armed with seamless integrations, HackerOne customers can spend less time context-switching...
Dev Interrupted Community launched by LinearB
Wednesday, June 2, 2021 by Brittany Hainzinger
LinearB, the team behind Software Delivery Intelligence, has launched the “Dev Interrupted” community, which consists of a Discord community, podcast, newsletter, and events. As an engineering leadership community with over 1,000 discord members, Dev Interrupted brings the most forward thinking minds together to establish the future of daily continuous impro...
Docker desktop for Mac is now available from Docker Inc
Thursday, April 15, 2021 by Brittany Hainzinger
Docker, Inc.™ announced general availability of its much-anticipated Docker Desktop for Mac, enabling developers to leverage the advantages of the latest Macs powered by the M1 chip and extending the reach of their Docker collaborative application development platform to a new architecture.
“This is great news for the many developers who have been clamori...
CircleCI brings privacy enhancements for teams across the enterprise
Monday, February 22, 2021 by Brittany Hainzinger
CircleCI introduced new platform updates to increase the control, protection, privacy, and confidence of today’s engineering teams.
Business leaders are concerned with the growth of remote-only and its impact on security. In fact, research shows 28 percent of leaders in 2020 were anticipated to prioritize improving application security capabilities ...
Improving security posture with static application security testing
Friday, February 12, 2021 by Tim Jarrett
Amid the worldwide pursuit of digital transformation, the software has seen a meteoric rise, and application security has become paramount. As more companies become software-centric, they publish more applications, increasing the risk vulnerable code will be released. To help reduce this risk, static application security testing (SAST) can help dev teams find and fix we...
DevSecOps will go mainstream this year
Tuesday, January 26, 2021 by Richard Harris
Cybercriminals love Shadow Code exploits because hacking a commonly used library or service can place the malicious code on hundreds or thousands of websites. For example, the widely used jQuery JavaScript library has been breached multiple times, leading to digital skimming attacks broadly across the e-commerce sector. Adding jQuery to an application without ...
How DevOps will change in 2021
Saturday, January 9, 2021 by Freeman Lightner
DevOps will become much more security-aware. We’ll see greater attention paid to the newly expanded surface area created in the practice of DevOps and how to proactively protect against vulnerabilities in DevOps.
How DevOps will change in 2021 and the Impact from it
First, IT Ops and DevOps teams will need to reorient their processes to one that unifies...
Political app vulnerabilities raise concern
Thursday, October 22, 2020 by Doug Dooley
With election season upon us, the US population is being inundated by candidate and proposition propaganda from a variety of sources – including television, the US mail, and mobile device apps. As annoying as this flood of information is at times, it’s important to understand that when it comes to these popular apps, and in fact all apps, if certain security...
GitLab acquires Peach Tech and Fuzzit
Friday, June 12, 2020 by Brittany Hainzinger
GitLab announced it has acquired Peach Tech and Fuzzit. These acquisitions will add fully-mature testing solutions including protocol fuzzing, API fuzzing, DAST API testing, and coverage-guided fuzz testing. This makes GitLab’s DevSecOps offering the first security solution to offer both coverage-guided and behavioral fuzz testing techniques as well as the fi...
CircleCI updates platform to enhance speed and efficiency
Wednesday, May 27, 2020 by Brittany Hainzinger
CircleCI announced updates to its continuous integration and continuous delivery platform that will help developers build, test and deploy code faster and with ease. The updates include an enhanced web user interface, new insights capabilities, and upgrades to convenience images, CircleCI’s fleet of pre-packaged Docker images.
These additions come on the heels ...
Docker and Snyk partner to deliver container vulnerability scanning
Wednesday, May 20, 2020 by Brittany Hainzinger
Docker has partnered with Snyk to deliver native vulnerability scanning of container images in Docker. Together, Docker and Snyk will provide a streamlined workflow that makes the application development process more secure for millions of developers, allowing them to more quickly and confidently build secure applications as an automated part of their toolchain.
...
Fourth annual DevSecOps survey from Gitlab
Monday, May 18, 2020 by Brittany Hainzinger
GitLab released the results of its fourth annual DevSecOps survey uncovering how roles across software development teams have changed as more teams adopt DevOps. The survey of over 3,650 respondents from 21 countries worldwide found that rising rates of DevOps adoption and implementation of new tools has led to sweeping changes in job functions, tool choices and or...
How gamifying security improves cooperation with developers
Monday, May 11, 2020 by Ante Gulam
Scaling security across development challenges the most seasoned professionals. Regardless of company size or industry, risks can no longer be comfortably managed across an organization as a centralized function. Security leaders need people in other departments to understand risks and help their teams remediate and reduce them for security to be successful. Last month,...
New features from WSO2 API Manager
Friday, April 10, 2020 by Brittany Hainzinger
APIs are the core building blocks of digital businesses—assembling data, events and services from within the organization, throughout ecosystems, and across devices. This is driving demands to maximize adoption and reuse across internal and external portals and API marketplaces; ensure API security; and support modern architectures, including containers, microserv...
Container runtime scanning open source software launched by Portshift
Thursday, March 26, 2020 by Brittany Hainzinger
Portshift introduced Kubei Open Source container scanning software. Kubei is a unique open source Kubernetes runtime images scanning solution, presented to invite developer collaboration for the hardening of runtime environments. Kubei identifies which pods were built from vulnerable images or contain newly discovered vulnerabilities, then it couples the Kubernetes info...
Brainly appoints new Chief Product Officer
Tuesday, January 28, 2020 by Brittany Hainzinger
Brainly recently appointed Rajesh Bysani as its new Chief Product Officer (CPO).
While Brainly has succeeded at establishing itself as one of the United States’ leading digital education resources, last school year the platform achieved a major landmark in its global growth: it now reaches 15 million monthly users in the U.S., which means that 20% or one-fifth ...
How cloud computing is changing the developer world
Thursday, January 2, 2020 by Richard Harris
Cloud computing is continuing to change the way the world builds and interacts with technology, and the developers that make that possible are under more pressure than ever to keep innovating and pushing boundaries. With the launch of the latest version of its Cloud Pak for Data, IBM is helping them do just that, all while prioritizing what matters most: data privacy an...
StrandHogg Android vulnerability identified
Thursday, December 5, 2019 by Freeman Lightner
Promon, a Norwegian app security company, has identified tangible evidence of a dangerous Android vulnerability that allows malware to pose as any legitimate app, granting hackers access to private SMS’ and photos, steal victims’ log-in credentials, track movements, make and/or record phone conversations, and spy through a phone’s camera and microphone...
Evolve VM showcasing at Microsoft Ignite
Thursday, November 7, 2019 by Brittany Hainzinger
Adaptiva announced that it will showcase Evolve VM at Microsoft Ignite. This groundbreaking, complete vulnerability life cycle product automatically assesses endpoints for thousands of vulnerability, compliance, and health issues and instantly remediates them as soon as they are detected. Utilizing NIST's National Vulnerability Database and National Checklist Progra...
Build applications at speed with Cohesity Agile Dev
Thursday, September 12, 2019 by Freeman Lightner
Cohesity has announced the launch of Cohesity Agile Dev and Test, a new solution that addresses key bottlenecks organizations face in building applications at speed. It moves away from the request-fulfill model where developers request access to production-grade data and wait sometimes weeks for IT operations teams to provide the data needed to build...
Zeroday vulnerability announced byMcAfee at Defcon
Monday, August 19, 2019 by Richard Harris
At DEFCON, McAfee has announced the discovery of a zero-day vulnerability in a commonly used Delta industrial control system.
The vulnerability found in the Delta enteliBUS Manager could allow malicious actors complete control of the operating system, enabling remote manipulation of access control systems, boiler rooms, temperature control for critical systems and mo...
Testing software updates with production traffic
Thursday, July 18, 2019 by Robert Ross
Test and development cycles have significantly changed under the DevOps model. To remain competitive, software developers must continually release new application features. They’re sometimes pushing out code updates as fast as they are writing them. This is a significant change from how software and dev teams traditionally operated. It used to be that teams could ...
New intelligence suite aims to help tackle problems with growing IT
Friday, July 12, 2019 by Brittany Hainzinger
Snow Software announced a new suite of offerings to better empower customers to address their growing IT operations, cloud shift and digital transformation challenges. This new set of offerings is aligned to strategic business outcomes, providing customers with product choices that will better meet their unique needs now and in the future.
“The market has evolv...
