Recent large-scale attacks on enterprise and infrastructure security have led the federal government and private businesses to rethink the way they manage security. Last month’s ransomware attack on the Colonial Pipeline shut down the main part of its network for five days, affecting fuel supplies across the United States. Additionally, an attack on SolarWinds infrastructure … continue reading
As organizations look towards DevSecOps as a way to infuse security throughout the software development life cycle while at the same time accelerating releases, more sides of the business have their hands on deck regarding security. However, it’s still the security side that’s on the hook when a major breach happens. “People like to say … continue reading
Spectral’s newly released Preflight solution is an open-source tool designed to help developers defend against supply chain attacks by automatically verifying and safely executing a user’s CI and third-party scripts. The solution queries popular anti-malware services to verify and block binaries if they contain malware. “Hackers have become increasingly sophisticated, with a variety of tools, … continue reading
Application security initiatives and programs are getting good at getting down to where an organization’s data lives and protecting it against threats, but that is only one piece of the security puzzle. With limited amounts of time, resources and people available to tackle security, organizations have had to prioritize what gets protected. “For instance, an … continue reading
Too many companies are missing a key software component in their businesses: their software bill of materials (SBOM). An SBOM is a list of all the components that make up a piece of software. According to Brian Fox, chief technology officer at Sonatype, while some may think it is a trivial requirement, it provides transparency … continue reading
Today’s companies are drowning in bits and bytes. According to Hubspot, the average enterprise manages 347.56 TB of data, while Splunk claims 55% of business data is unused. It’s obvious that organizations need to utilize data more effectively. When they do, they’re in a better position to enable effective value stream management. Both data and … continue reading
Cloudera has entered into a definitive agreement to be acquired by Clayton, Dubilier & Rice (“CD&R”) and KKR for $5.3 billion in cash, which will result in Cloudera becoming a private company. “This transaction provides substantial and certain value to our shareholders while also accelerating Cloudera’s long-term path to hybrid cloud leadership for analytics that … continue reading
This issue of SD Times features a look at how low code meets the urgency of a rapidly changing world, how open source is more of a community than a brand, and shifting security left. … continue reading
Angular announced a new automated feature request process that it will implement over the next few weeks after the team found that a large portion of requests among its three main repos were feature requests. In the new process, an Angular team member will review a ticket manually and identify it as either a feature … continue reading
Amazon Redshift ML is now generally available. The cloud data warehouse enables users to create machine learning models and make predictions from data directly from their Amazon Redshift cluster. Users just have to use a simple SQL query to specify what data they want to use to train their model as well as the output … continue reading
Docker announced new improvements to increase velocity, improve workflows, and provide trusted-content offerings to software developers at its DockerCon 2021 annual conference this week. The Docker Collaborative Application Development Program now features three key improvements: Docker Development Environments, a new version of Docker Compose and Scoped Personal Access Tokens. “Today’s developers face a variety of … continue reading
The SaaS security company Detectify last week announced the general availability of its standalone application security tool: Ugly Duckling. The tool is designed to make it easier for ethical hackers to share their latest findings on vulnerabilities and then integrate them into automated security tests on Detectify’s platform. It provides the tools to create more test … continue reading
Microsoft announced the release of TypeScript 4.3, which adds many new features such as separate write types on properties, ‘override’ and the ‘--noImplicitOverride’ flag, template string type improvements and more. With separate write types, developers can specify types for reading and writing to properties. TypeScript will only use the “reading” type when considering how two … continue reading
Palo Alto Networks today is officially making the code for its open-source project, Yor, available on GitHub. Yor, which went live Monday, is an open-source project that automatically tags cloud resources in Infrastructure as Code frameworks such as Terraform, Kubernetes, CloudFormation and the Serverless Framework, according to the company’s announcement. “DevSecOps is about breaking down silos … continue reading