Topic: security

Vulnerability discovered in Spring that enables DoS attacks

An Expression Denial of Service (DoS) vulnerability was found by Code Intelligence in the Spring Framework, a popular Java application development framework.  “As part of our efforts to improve the security of open-source software, we continuously test open-source projects with our JVM fuzzing engine Jazzer in Google’s OSS-Fuzz. One of our tests yielded a Denial … continue reading

Code in the fast lane: Why secure developers can ship at warp speed

Skills verification has been a facet of our lives for most of the modern era, granting us validity and opening doors that wouldn’t otherwise be available. Driving, for example, is an important rite of passage for most, and we’re expected to pass a set of standardized assessments to confirm that we can be trusted with … continue reading

JFrog announced new capabilities to improve security of software releases

JFrog announced the beta of the Artifactory release lifecycle management platform to standardize and track development processes with greater accountability and security.  “Organizations of all sizes are challenged to keep software up-to-date and secure while operating at the speed of business, particularly when development teams are globally distributed, which can result in a lack of … continue reading

Google announces 2023 plans for privacy for Google Play and Android

Google prides itself on its initiatives regarding security in the Android ecosystem. Over the past year it has made a lot of strides, and now the company is detailing its plans for the upcoming year. One of the areas for improvement is opening up spaces for developers to support each other. It has opened up … continue reading

What the National Cybersecurity Strategy means for software providers

The National Cybersecurity Strategy released by the Biden Administration this week includes key recommendations that significantly mitigate software supply chain risks. Specifically, the White House recommends making software providers liable for insecure software. Until now, the U.S. government has never taken such a bold stance on liability for software products at this level. The strategy … continue reading

White House reveals new plan for how U.S. addresses cybersecurity

The White House has released a new plan for ensuring security in digital ecosystems. It hopes to “reimagine cyberspace as a tool to achieve our goals in a way that reflects our values: economic security and prosperity; respect for human rights and fundamental freedoms; trust in our democracy and democratic institutions; and an equitable and … continue reading

Puppet Enterprise 2023.0 released with NIST compliance

Puppet Enterprise 2023.0 is the latest release following 2021.7 that includes NIST compliance, the ability to authenticate users in multiple Lightweight Directory Access Protocol (LDAP) domains, adds a streamlined user interface, and more.  With NIST compliance, Puppet Enterprise 2023.0 reduces compliance risk and the risk of sensitive information being accessed. Users can customize the timeout … continue reading

SonarQube 9.9 LTS helps organizations produce clean code

SonarSource’s release of SonarQube 9.9 Long-Term Support (LTS) aims to help organizations clean their code quickly with accelerated pull request analysis, support for building and deploying secure cloud-native applications, and more.  “Our mission is to equip organizations with the solution and methodology to achieve a state of Clean Code, making all code fit for development … continue reading

Time to hide your API

The need for robust API security is growing rapidly in response to the increasing dependence of organizations on APIs for their digital operations.  With 70% of respondents to a report expecting to use more APIs in 2023 than last year, this presents a heightened challenge for API security, which only comprises about 4% of the … continue reading

Enterprises struggle with long-term exposure to security flaws

As the number of zero-day vulnerabilities continues to climb, enterprises are struggling to keep up with the long-term exposure to these security flaws. Recently, Rob Silvers, undersecretary for policy at the U.S. Department of Homeland Security and chair of its Cyber Safety Review Board, proclaimed that Log4j “is not over.” He noted that enterprises are … continue reading

2023: The Year of Continuous Improvement

March 13, 2020. Friday the 13th. That’s when a large number of companies shut their offices to prevent the spread of a deadly virus – COVID-19. Many thought this would be a short, temporary thing.  They were wrong. The remainder of 2020 and 2021 were spent trying to figure out how to get an entire … continue reading

Report: over 30% of applications contain flaws at first scan

Veracode, provider of modern application security testing solutions, today released the results of the Veracode State of Software Security 2023 report, revealing that flaw build up overtime poses a real issue for many businesses. According to the report, nearly 32% of applications are found to have flaws at the first scan, jumping to almost 70% … continue reading

DMCA.com Protection Status
HTML Snippets Powered By : XYZScripts.com

Get access to this and other exclusive articles for FREE!

There's no charge and it only takes a few seconds.

Sign up now!