DevOps predictions for 2022
Wednesday, January 19, 2022 by Richard Harris
Yoav Landman, Co-Founder, and CTO of JFrog created Artifactory after 7 years as a senior consultant with AlphaCSP. He has held several senior technical roles with Attunity, Verve, and Sausage. Yoav holds a Master of Computing degree from RMIT University and a BA in Law (LLB) from Haifa University.
Low-Code/No-Code, Metaverse, and DevOps predictions for 2022
Landma...
App security testing platform lands from Oxeye
Monday, January 3, 2022 by Freeman Lightner
Oxeye announced the company’s Cloud-Native Application Security Testing Platform (CNAST). The new platform identifies code vulnerabilities, open-source vulnerabilities, and secrets to highlight the most critical issues in the software development lifecycle, delivering clear guidance for fast and accurate remediation.
App security testing platform CNAST
Accor...
2021 Coding Week recap from industry experts
Monday, September 20, 2021 by Richard Harris
National Coding Week takes place during September 13 - September 19 and it is a great time to engage everyone into coding in a fun and easy way. According to an article from National Today, "92 percent of executives believe American workers are not as skilled as they need to be." National Coding Week is a perfect opportunity for improving your coding skills to...
Faster customer integrations from HackerOne
Thursday, July 29, 2021 by Freeman Lightner
Tray.io has announced that HackerOne is using Tray Embedded to develop and deliver powerful customer integrations at scale. With Tray Embedded, HackerOne quadrupled its integration delivery speed to maximize developer efficiency and reduce the integration maintenance burden. Armed with seamless integrations, HackerOne customers can spend less time context-switching...
Dev Interrupted Community launched by LinearB
Wednesday, June 2, 2021 by Brittany Hainzinger
LinearB, the team behind Software Delivery Intelligence, has launched the “Dev Interrupted” community, which consists of a Discord community, podcast, newsletter, and events. As an engineering leadership community with over 1,000 discord members, Dev Interrupted brings the most forward thinking minds together to establish the future of daily continuous impro...
Docker desktop for Mac is now available from Docker Inc
Thursday, April 15, 2021 by Brittany Hainzinger
Docker, Inc.™ announced general availability of its much-anticipated Docker Desktop for Mac, enabling developers to leverage the advantages of the latest Macs powered by the M1 chip and extending the reach of their Docker collaborative application development platform to a new architecture.
“This is great news for the many developers who have been clamori...
CircleCI brings privacy enhancements for teams across the enterprise
Monday, February 22, 2021 by Brittany Hainzinger
CircleCI introduced new platform updates to increase the control, protection, privacy, and confidence of today’s engineering teams.
Business leaders are concerned with the growth of remote-only and its impact on security. In fact, research shows 28 percent of leaders in 2020 were anticipated to prioritize improving application security capabilities ...
Improving security posture with static application security testing
Friday, February 12, 2021 by Tim Jarrett
Amid the worldwide pursuit of digital transformation, the software has seen a meteoric rise, and application security has become paramount. As more companies become software-centric, they publish more applications, increasing the risk vulnerable code will be released. To help reduce this risk, static application security testing (SAST) can help dev teams find and fix we...
DevSecOps will go mainstream this year
Tuesday, January 26, 2021 by Richard Harris
Cybercriminals love Shadow Code exploits because hacking a commonly used library or service can place the malicious code on hundreds or thousands of websites. For example, the widely used jQuery JavaScript library has been breached multiple times, leading to digital skimming attacks broadly across the e-commerce sector. Adding jQuery to an application without ...
How DevOps will change in 2021
Saturday, January 9, 2021 by Freeman Lightner
DevOps will become much more security-aware. We’ll see greater attention paid to the newly expanded surface area created in the practice of DevOps and how to proactively protect against vulnerabilities in DevOps.
How DevOps will change in 2021 and the Impact from it
First, IT Ops and DevOps teams will need to reorient their processes to one that unifies...
Political app vulnerabilities raise concern
Thursday, October 22, 2020 by Doug Dooley
With election season upon us, the US population is being inundated by candidate and proposition propaganda from a variety of sources – including television, the US mail, and mobile device apps. As annoying as this flood of information is at times, it’s important to understand that when it comes to these popular apps, and in fact all apps, if certain security...
GitLab acquires Peach Tech and Fuzzit
Friday, June 12, 2020 by Brittany Hainzinger
GitLab announced it has acquired Peach Tech and Fuzzit. These acquisitions will add fully-mature testing solutions including protocol fuzzing, API fuzzing, DAST API testing, and coverage-guided fuzz testing. This makes GitLab’s DevSecOps offering the first security solution to offer both coverage-guided and behavioral fuzz testing techniques as well as the fi...
CircleCI updates platform to enhance speed and efficiency
Wednesday, May 27, 2020 by Brittany Hainzinger
CircleCI announced updates to its continuous integration and continuous delivery platform that will help developers build, test and deploy code faster and with ease. The updates include an enhanced web user interface, new insights capabilities, and upgrades to convenience images, CircleCI’s fleet of pre-packaged Docker images.
These additions come on the heels ...
Docker and Snyk partner to deliver container vulnerability scanning
Wednesday, May 20, 2020 by Brittany Hainzinger
Docker has partnered with Snyk to deliver native vulnerability scanning of container images in Docker. Together, Docker and Snyk will provide a streamlined workflow that makes the application development process more secure for millions of developers, allowing them to more quickly and confidently build secure applications as an automated part of their toolchain.
...
Fourth annual DevSecOps survey from Gitlab
Monday, May 18, 2020 by Brittany Hainzinger
GitLab released the results of its fourth annual DevSecOps survey uncovering how roles across software development teams have changed as more teams adopt DevOps. The survey of over 3,650 respondents from 21 countries worldwide found that rising rates of DevOps adoption and implementation of new tools has led to sweeping changes in job functions, tool choices and or...
How gamifying security improves cooperation with developers
Monday, May 11, 2020 by Ante Gulam
Scaling security across development challenges the most seasoned professionals. Regardless of company size or industry, risks can no longer be comfortably managed across an organization as a centralized function. Security leaders need people in other departments to understand risks and help their teams remediate and reduce them for security to be successful. Last month,...
New features from WSO2 API Manager
Friday, April 10, 2020 by Brittany Hainzinger
APIs are the core building blocks of digital businesses—assembling data, events and services from within the organization, throughout ecosystems, and across devices. This is driving demands to maximize adoption and reuse across internal and external portals and API marketplaces; ensure API security; and support modern architectures, including containers, microserv...
Container runtime scanning open source software launched by Portshift
Thursday, March 26, 2020 by Brittany Hainzinger
Portshift introduced Kubei Open Source container scanning software. Kubei is a unique open source Kubernetes runtime images scanning solution, presented to invite developer collaboration for the hardening of runtime environments. Kubei identifies which pods were built from vulnerable images or contain newly discovered vulnerabilities, then it couples the Kubernetes info...
Brainly appoints new Chief Product Officer
Tuesday, January 28, 2020 by Brittany Hainzinger
Brainly recently appointed Rajesh Bysani as its new Chief Product Officer (CPO).
While Brainly has succeeded at establishing itself as one of the United States’ leading digital education resources, last school year the platform achieved a major landmark in its global growth: it now reaches 15 million monthly users in the U.S., which means that 20% or one-fifth ...
How cloud computing is changing the developer world
Thursday, January 2, 2020 by Richard Harris
Cloud computing is continuing to change the way the world builds and interacts with technology, and the developers that make that possible are under more pressure than ever to keep innovating and pushing boundaries. With the launch of the latest version of its Cloud Pak for Data, IBM is helping them do just that, all while prioritizing what matters most: data privacy an...
StrandHogg Android vulnerability identified
Thursday, December 5, 2019 by Freeman Lightner
Promon, a Norwegian app security company, has identified tangible evidence of a dangerous Android vulnerability that allows malware to pose as any legitimate app, granting hackers access to private SMS’ and photos, steal victims’ log-in credentials, track movements, make and/or record phone conversations, and spy through a phone’s camera and microphone...
Evolve VM showcasing at Microsoft Ignite
Thursday, November 7, 2019 by Brittany Hainzinger
Adaptiva announced that it will showcase Evolve VM at Microsoft Ignite. This groundbreaking, complete vulnerability life cycle product automatically assesses endpoints for thousands of vulnerability, compliance, and health issues and instantly remediates them as soon as they are detected. Utilizing NIST's National Vulnerability Database and National Checklist Progra...
Build applications at speed with Cohesity Agile Dev
Thursday, September 12, 2019 by Freeman Lightner
Cohesity has announced the launch of Cohesity Agile Dev and Test, a new solution that addresses key bottlenecks organizations face in building applications at speed. It moves away from the request-fulfill model where developers request access to production-grade data and wait sometimes weeks for IT operations teams to provide the data needed to build...
Zeroday vulnerability announced byMcAfee at Defcon
Monday, August 19, 2019 by Richard Harris
At DEFCON, McAfee has announced the discovery of a zero-day vulnerability in a commonly used Delta industrial control system.
The vulnerability found in the Delta enteliBUS Manager could allow malicious actors complete control of the operating system, enabling remote manipulation of access control systems, boiler rooms, temperature control for critical systems and mo...
Testing software updates with production traffic
Thursday, July 18, 2019 by Robert Ross
Test and development cycles have significantly changed under the DevOps model. To remain competitive, software developers must continually release new application features. They’re sometimes pushing out code updates as fast as they are writing them. This is a significant change from how software and dev teams traditionally operated. It used to be that teams could ...
New intelligence suite aims to help tackle problems with growing IT
Friday, July 12, 2019 by Brittany Hainzinger
Snow Software announced a new suite of offerings to better empower customers to address their growing IT operations, cloud shift and digital transformation challenges. This new set of offerings is aligned to strategic business outcomes, providing customers with product choices that will better meet their unique needs now and in the future.
“The market has evolv...
WordPress plugin vulnerabilities are a hackers playground
Wednesday, April 10, 2019 by Bryan Becker
What do TechCrunch, BBC America, PlayStation and MTV News all have in common?
Each of their websites is powered by WordPress.
Over 74.6 million, or roughly 30 percent, of the world’s websites, depend on WordPress to power their online platforms. Every second there are over six new WordPress.com posts and over 47,000 plugins, with the number growing daily. Wh...
Making things easy for the developer is ActiveState's mission
Tuesday, April 2, 2019 by Christian Hargrave
ActiveState added enhancements to its ActiveState Platform, a SaaS offering, benefiting contributors, maintainers and users facing challenges with Python and other open source languages.
The new features will give ActiveState Platform account holders the flexibility to fork an existing language distribution and install it into a virtual environment. Developers elimin...
CommunityBridge gives better visibility into open source code
Monday, March 18, 2019 by Christian Hargrave
The Linux Foundation has launched CommunityBridge, a platform that aims to empower developers and the individuals and organizations who support them, to advance sustainability, security, and diversity in open source technology. With the help of source{d}, the Linux Foundation will be able to provide the Open Source community with greater visibility into each projec...
Software engineer happiness matters
Tuesday, February 19, 2019 by Bart Copeland
In the never-ending quest for greater developer productivity, security and compliance usually seem like monkey wrenches in the machinery. These aspects of development are essential, but they can slow down the flow of work and frustrate developers.
Security and compliance dog the whole software development process, from the too-often-forgotten build engineering team, ...
Mesh networking security from NeuVector at IBM Think 2019
Thursday, February 14, 2019 by Richard Harris
NeuVector announced a new platform integration with the Istio and Linkerd2 service meshes that expands NeuVector’s security capabilities for production Kubernetes deployments. The integration - developed in coordination with IBM Cloud and the Istio open source development team - delivers new capabilities for network visibility and threat detection, even for connec...
What does the Kubernetes privilege escalation flaw mean
Tuesday, December 4, 2018 by Richard Harris
Bringing together powerful applications into containerized services that are open source can have their drawbacks, as recently discovered by the RedHat issued a critical Security Advisory and patches for CVE-2018-1002105, a privilege escalation flaw impacting Kubernetes.
Sumo Logic CSO, George Gerchow weighs in: "The Kubernetes vulnerability is a huge deal, even...
AI for cybersecurity
Tuesday, November 27, 2018 by Richard Harris
As organizations struggle to deal with the growing sophistication of hackers and the influx in data breaches, it's becoming clear that AI could be a critical tool for automatically defending applications from cyber attacks - but there are challenges to overcome. Ivan Novikov, the CEO of AI security company Wallarm, offers some insight below on how AI can be utilized...
Single Page Application security help
Tuesday, October 23, 2018 by Richard Harris
Single-page applications, or SPAs, are web apps that load a single HTML page and dynamically update that page as the user interacts with the app. Their origins are unclear but the concept was discussed as early as 2003 according to the archives on Wiki. SPAs use AJAX and HTML5 to create fluid and responsive Web apps, without constant page reloads - that literally means,...
GitHub Actions and other announcements from GitHub Universe
Wednesday, October 17, 2018 by Richard Harris
GitHub, the soon to be acquired by Microsoft company, has always been known for its source code repository capabilities for developers. But why just store the code on a platform when you can run it too?
At its annual developer conference, GitHub Universe, they announced Actions, which is essentially a way to help automate your development workflows. Actions use...