Securing an application is just as important as building it in the first place. As data becomes more valuable, there are more people who want to steal it and use it for their own personal gain.
Making sure applications are indeed secure has always been a challenge, as hackers try to stay one step ahead of defenders. When organizations ran their applications in their own data centers, firewalls were an effective way of denying hackers access. The explosion of the Internet led to the creation of web applications, with entry points via the browser into client-side code that could endanger the organization.
Further, the increased speed of feature delivery in software stresses security teams trying to prevent hacks and data breaches. Today, with application modularity and edge computing increasing, along with the increased use of open-source software, that challenge has only become more difficult. Hackers now have more surface area to target than ever before. Here are the top threats organizations face as they work to secure their applications, data and systems.
IT and developers must work to ensure that their applications and systems are secure. On the development side, security touches nearly every step of the process, from the planning stage, development, to testing. The use of automation in security can help organizations stay one step ahead.
The new version of Electron JS includes upgrades to Chromium 87, V8, 8.7, and Node.js 12.18.3 as well as support for Apple silicon and general improvements. Other improvements include an added V8 crash message and location information to crashReport parameters and improved performance for sending wide objects over the context bridge. Additional details on all … continue reading
Gravitational changed its name to Teleport and released the Teleport Unified Access Plane. “The decision to formally change our name to Teleport supports the natural evolution that our company has followed from the point it was founded – to create software for engineers that allows them to quickly access any resource anywhere,” said Ev Kontsevoy, … continue reading
Exadel, a global provider of digital software engineering solutions and services, announced the release of CompreFace, an open-source facial recognition application. CompreFace can be integrated as a standalone service or deployed via the cloud. It’s convenient API offers state-of-the-art facial recognition. To get started with Compreface, visit: (https://github.com/exadel-inc/CompreFace#overview) “Facial recognition technology is being rapidly adopted across … continue reading
Merge Confidence is a new automated solution that helps developers safely update and remediate their open source dependencies by using a badge to show how likely an open source component can be updated without breaking the build. “Open source components are updated at such a staggering rate, it is impossible to manage this process manually. … continue reading
Android announced that it would migrate all of its current build systems to Bazel. While components of Bazel have been already checked into the Android Open Source Project (AOSP) source tree, this will be a phased migration over the next few Android releases and will include many concrete and digestible milestones to make the transformation … continue reading
WhiteSource announced new vulnerability-based alerts designed to speed up and simplify the vulnerability management process. It will provide developers with flexibility when managing alerts as well as providing a more granular view of the issues, according to the company. “The number of known security vulnerabilities has been rising exponentially over the past few years, and … continue reading
Apple announced that later this year users will be able to learn about some of the data types that certain apps collect, and whether that data is linked to them or used to track them. Starting on December 8th, developers will be required to summit this information when they add new apps and app updates … continue reading
Sonatype’s 2020 State of the Software Supply Chain Report found that next generation cyber-attacks actively targeting open-source soft- ware projects increased 430% over the past 12 months. Industry and the Open Source communities recognize heightened security risks and are working to solve these. For example, in August 2020 the Linux Foundation launched the Open Source … continue reading
IBM has announced the Code Risk Analyzer, a focused effort to bring security and compliance analytics to DevSecOps. The Code Risk Analyzer can be configured to run at the beginning of a developer’s code pipeline and it reviews and analyzes Git repositories for known issues with any open-source code that needs to be managed. It … continue reading
Halloween is upon us, and while much of the world is focused on scary creatures like ghosts, ghouls, or werewolves, DevSecOps teams have a few scary creatures of their own to deal with. From the Dracula-like developer stuck in a world from centuries ago who is thwarting the creation of secure apps, to the DevOps … continue reading
The newly launched Tasktop Flow Institute online community for business leaders offers custom courses and content to gain practical knowledge and skills, as well as better understand value stream management and Tasktop Flow Metrics, according to the company. “Becoming a software innovator means knowing how to measure what matters across your entire software portfolio,” said … continue reading