WhiteSource has announced it will now integrate with Microsoft Visual Studio Code Editor. According to the company, the integration gives Visual Studio Code developers visibility and security alerts on problematic open-source components while continuing to develop within their preferred development environment.

“Integrating security testing pre-build allows issues to be detected earlier when they are easier and quicker to fix. With this integration, WhiteSource gives developers the information they need, when they need it, in their own environment,” WhiteSource wrote in a announcement.

With this new addition, WhiteSource now supports Visual Studio Code, Visual Studio, IntelliJ, and Eclipse. 

Microsoft announces Zero Trust deployment guide
Microsoft’s Zero Trust deployment guide focuses on how to deploy and configure Microsoft Cloud App Security to apply Zero Trust principles across the app ecosystem, regardless of where those apps reside.

Specifically, the guide will cover the discovery of Shadow IT to ensure that appropriate in-app permissions are enforced, gating access based on real-time analytics, monitoring for abnormal behavior based on real-time UEBA, controlling user interactions with data, and assessing the cloud security posture of an organization.

The full deployment guide is available here.

Google’s guide on setting up OAuth 2.0 flows
Google released a guide to help developers set up OAuth 2.0 in supported user-agents,and to inform developers how to enable sign-in on their framework-based apps and how to test for compatibility.

This comes after Google announced that all embedded frameworks will be blocked on January 4th, 2021 to protect users from “man-in-the-middle” attacks. 

Google recommends using browser-based OAuth 2.0 flows for app developers that use CEF or other clients for authorization on devices.

For limited-input device applications, such as applications that do not have access to a browser or have limited input capabilities, Google recommends using limited-input device OAuth 2.0 flows.

Additional details are available here.

OMG and IIC announce new IoT security maturity model
The Object Management Group and Industrial Internet Consortium has announced the release of IoT Security Maturity Model (SMM) 1.2. The new release is targeted specifically at the retail industry and point-of-sale devices.

“Internet-connected devices, from point-of-sale payment devices such as signature scanners, to audit-logging devices such as printers and cash dispensers, have dramatically increased retail industry security threats,” said Andy Mattice, co-chair of the OMG Retail Domain Task Force, and solutions enablement at Lexmark. “New threats are constantly emerging, and attackers are becoming more capable and organized. At the same time, compliance requirements for security and data protection are becoming more stringent. Retail organizations are rightly concerned about developing robust security and data protection plans.”

The model will help organization determine the level of security needed for their business.

More information is available here.

Weekly Apache news roundup 
Last week saw the release of Apache Commons JCS 3.0, JCS is a distributed caching system written in Java that adds new functionality related to multi-threaded programming below the java.util.concurrent package. 

New library releases also included Apache Log4cxx 0.11.0 and Apache CXF 3.4.0.

Apache OpenMeetings 5.0.0-M4 provides WebRTC audio/video/screen-sharing in the Room. Also, flash plugin is no longer required in the browser and Java 11 is required. 

The Big Data projects of Apache have seen a number of updates including HBase 2.3.1, Calcite 1.25.0, and Flink 1.10.2.

The full roundup is available here.