Google is trying to make authentication easier and safer for developers by introducing new features to the Google Identity Services (GIS) library. “For developers, our focus has always been to offer a frictionless experience that makes it easier for users to onboard and return to partner platforms, while also helping developers create a trusted relationship … continue reading
In recent years, hackers have become very sophisticated in the ways they attack upstream development pipelines by introducing vulnerabilities into the software supply chain. The popularity of open source makes those repositories a low-hanging fruit to target. In an SD Times Live! Event titled “Threat Landscapes: An Upstream and Downstream Moving Target,” Theresa Mammarella, developer … continue reading
The threat modeling and security cloud infrastructure company, ThreatModeler, has announced the general availability of ThreatModeler 6.0. This release offers users multiple new capabilities intended to improve the threat modeling process for both security and DevOps teams. With this update comes a complete redesign of the platform’s interface, workflows, model building, and reporting based on … continue reading
The Rust Foundation, the nonprofit organization for the Rust programming language, today announced that it will be establishing a dedicated security team, underwritten by the OpenSSF’s Alpha-Omega Initiative as well as the foundation’s newest platinum member, JFrog. “There’s often a misperception that because Rust ensures memory safety that it’s one hundred percent secure, but Rust … continue reading
California Attorney General Rob Bonta has announced a settlement with the beauty brand Sephora over allegations that the company has violated California’s landmark privacy law, the California Consumer Privacy Act (CCPA). According to Bonta, it was determined after an enforcement sweep that Sephora failed to disclose to customers that the company was selling their personal … continue reading
The following is a listing of API management tool providers, along with a brief description of their offerings. Apigee is an API management platform for modernizing IT infrastructure, building microservices and managing applications. The platform was acquired by Google in 2016 and added to the Google Cloud. It includes gateway, security, analytics, developer portal, and … continue reading
The use of APIs has skyrocketed over the years and with organizations using so many different types of APIs on a normal basis, API management has become essential for managing the API attack surface. Fifty-one percent of respondents said that more than half of their organizations’ development effort is spent on APIs—compared with 40% of … continue reading
The API security and observability company, Traceable AI, today announced that its API Security Testing solution in its API Security Platform is now generally available. This allows users to test any API in pre-production for vulnerabilities, accuracy, reliability, and security. According to the company, this release ensures that all APIs are aligned with the highest … continue reading
Styra, the company behind Open Policy Agent (OPA), has announced a new solution for scanning configuration files for errors. The new feature, Repo Scan, is included as part of Styra Declarative Authorization Service (DAS). According to Styra, cloud components and platforms like AWS, GCP, and Microsoft Azure are governed and controlled by automated tooling, and … continue reading
Copado, the low-code DevOps company, today launched a new DevSecOps training module in order to make software releases faster and more secure. The module is currently available in the Copado Community. “Without DevSecOps best practices, software releases can be plagued with quality and security issues, costing more time and money post-production to correct them,” said … continue reading
Cloudera announced the launch of Cloudera Data Platform (CDP) One, an all-in-one data lakehouse software for analytics and exploratory data science. The service has built-in enterprise security and machine learning that requires no security or monitoring operations staff, helping companies move to cloud computing for analytics and data. “Empowering everyone in your business to get … continue reading
Almost any company writing software today understands and glorifies the concept of Minimum Viable Product. Creating something that is just good enough for customers to successfully use it is enshrined as the most parsimonious path to profits. MVP has over time taken on additional freight as a general term connoting faster time-to-market for features or … continue reading