Bug bounty platform provider HackerOne announced that it raised $36.4 million in funding from Valor Equity Partners, bringing its total to $110 million.
The company explained it will continue to workon “second-order benefits of vulnerability disclosure,” and with a community of pentesters and other security research experts. In addition, the company is building a data infrastructure and data science team.
“When you put data scientists and vulnerability experts in the same room with the world’s largest database of useful vulnerability information, you can extract valuable and actionable insights and intelligence. These innovations will make it into our program offerings and perhaps also result in entirely new services,” Maren Mickos, CEO of HackerOne, wrote in a post.
VS 2019 16.3 preview 3 enables refactorings with IntelliCode
Microsoft announced VS 2019 16.3 preview 3, which enables refactorings with IntelliCode. IntelliCode spots repetition and suggest other places in the code for which its would be best to apply that change within an IDE.
“This isn’t just tracking text changes – IntelliCode is aware of the syntactic structure of your code. This syntactic awareness allows it to detect cases where the variable names in your refactoring examples differ but the essential structure of the change is the same,” Microsoft wrote.
The full details on VS 2019 16.3 preview 3 are available here.
Android 8.0 devices or higher must install batch attestation key
Google announced that OEMs producing devices with Android 8.0 or higher will need to install a batch attestation key provided by Google on each device at the time of manufacturing.
Android devices since Android 7.0 are able to generate an attestation certificate that attests to the security properties of the device’s hardware and software, however, these keys might need to be revoked due to accidental disclosure, mishandling and suspected extraction by attackers.
Google’s solution is a single TLS-secured URL that returns a list containing all revoked Android attestation keys. The system allows Google “to express more nuance about the status of a key and the reason for the status,” according to the company.
New class in .NET Core 3.0 enables interaction with native libraries
.NET Core 3.0 has a new class that enables interaction with native libraries using ‘DllImport.’
With the new class, the function foo is now available from the native library mylibrary. This function accepts no arguments and returns an int. .NET takes care of marshaling the argument types.
Red Hat outlined how developers can use ‘DllImport’ with the flexibility of picking a specific library at runtime in a blog post.