The Eclipse Foundation has announced that it formed the Open Regulatory Compliance Working Group to help the open source community navigate upcoming global regulations. “Given the impact of software technology on the global economy, it is unsurprising that governments worldwide are enacting new regulations to safeguard privacy, security, and accessibility,” said Mike Milinkovich, executive director …
The data control and compliance company Securiti has just announced it expanded its compliance solution, Securiti Compliance Management, to include the requirements of the EU’s recently passed AI Act, the NIST AI Risk Management Framework, and the Singapore Model AI Governance Framework. The company hopes that its latest update will make it easier for companies …
Companies in certain industries – banking, healthcare, and the like – are subject to many different regulations when it comes to things like how they store user data, required communications with customers, and what data can and can’t be collected. For example, financial companies need to comply with Anti-Money Laundering (AML) and Combating the Financing …
JFrog has announced the introduction of JFrog Curation, an automated DevSecOps solution designed to thoroughly inspect and block contaminated open-source or third-party software packages and their respective dependencies before they enter a company’s software development environment. JFrog Curation, which is integrated with JFrog Artifactory, uses binary metadata for the identification of high-risk packages with high-severity …
GitLab announced that it has been expanding support for Code Suggestions, has added a new level of visibility with Value Stream Dashboard, and has added a new and improved license compliance scanner along with license approval policies. The company’s aim behind the improvements is to help fill the skills gap since security engineers are outnumbered …
The new Qt Insight platform provides real customer insights into the usage of applications or devices. The platform reveals how users navigate devices, identifies customer pain points, analyzes performance, and creates concrete, evidence-based development plans to optimize product development and lower running costs by eliminating redundant, unused features based on session activity and metrics such …
As security and privacy grow in importance, regulatory compliance is becoming an increasing priority for most businesses. But let’s just say it: compliance audits are not fun. That’s especially true when it comes to engineering and development teams, who are tasked with gathering all of the relevant data – in other words, evidence – needed …
Gravitational changed its name to Teleport and released the Teleport Unified Access Plane. “The decision to formally change our name to Teleport supports the natural evolution that our company has followed from the point it was founded – to create software for engineers that allows them to quickly access any resource anywhere,” said Ev Kontsevoy, …
IBM has announced the Code Risk Analyzer, a focused effort to bring security and compliance analytics to DevSecOps. The Code Risk Analyzer can be configured to run at the beginning of a developer’s code pipeline and it reviews and analyzes Git repositories for known issues with any open-source code that needs to be managed. It …
A majority of developers feel forced to sacrifice security for the speed that today’s development cycles require. A recent report from WhiteSource found that 73% of security teams at organizations are forced to cut corners, and that the AppSec tools they use serve to check the box towards DevSecOps improvements and are not used effectively. “There are …
Datadog today is revealing its vision for bringing security and performance monitoring into a single platform in the form of updates and new product features for its cloud infrastructure monitoring platform. At its virtual DASH conference this week, the company announced Error Tracking, Incident Management, Compliance Monitoring and Continuous Profiler, rounding out its platform to …
Software development may be a faster process thanks to the rise of Agile, DevOps, and continuous delivery, but governance, risk and compliance (GRC) management are slowing things down. There are many manual and lengthy checks that go into GRC to make sure the software is secure, adheres to laws and regulations, and is on track …