NativeScript public beta, Adobe’s approach to flaw detection, and Django REST framework 3.1—SD Times news digest: March 6, 2015

It has been almost a year since Telerik announced its cross-platform framework for Android, iOS, and Windows. Today, that NativeScript framework is finally making it into public beta. Valentin Stoychev, product line manager at Telerik, announced that developers can start using the framework to build native mobile apps with CSS and JavaScript.

“We have been working hard preparing for this day and delivering a framework which will enable JavaScript and Web developers to create modern mobile applications using the native capabilities of the mobile devices,” wrote Stoychev in a NativeScript blog post.

According to the framework’s road map, NativeScript version 1.0 should be available by next month.

More information is available here.

Adobe turns to public to discover security vulnerabilities
Adobe has announced an open approach to flaw detection, launching a Web application vulnerability disclosure program on the HackerOne platform.

The program allows users to search for bugs in its software, boosting their reputation on the platform the more vulnerabilities they discover. Adobe is looking for reports into cross-site scripting and forgery, server-side code execution, authentication and authorization, information disclosure, or misconfiguration vulnerabilities.

Adobe explained that all vulnerabilities affecting Adobe desktop products such as Flash, Reader, and enterprise on-premise solutions should be reported via e-mail to the Product Security Incident Response Team at PSIRT@adobe.com.

Django REST framework 3.1 release
Django REST framework 3.1 has been released with some new functionalities. According to Tom Christie, the framework’s creator, the release is just an incremental step in its Kickstarter project releases.

Version 3.1 includes:

• Enhancements to the pagination API
• An easier way to build versioned APIs
• Support for built-in internationalization
• New field types

The next release of the framework will feature an alternative admin-style interface, filtering controls, and HTML form rendering of serializers.

Microsoft discloses Windows is vulnerable to FREAK SSL flaw
Microsoft has revealed a vulnerability in Windows that allows the FREAK bug to enable man-in-the-middle attacks on SSL and TLS security layers.

The company posted a security advisory, recommending that users disable the RSA key exchange ciphers that result in FREAK by changing the SSL Cipher Suite in the Group Policy Object Editor. Microsoft stated it is “actively working” with its Microsoft Active Protections Program partners to investigate the vulnerability, which affects Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, Windows 8 and 8.1, Windows Server 2012, and Windows RT.

More information can be found in the Microsoft security advisory.