The team at Opsera, the Continuous Orchestration platform for DevOps, today announced the release of Opsera GitCustodian. This new solution is intended to alert security and DevOps teams of vulnerable data found in source code repositories so that they can prevent vulnerabilities from making it to production. GitCustodian also works to automate the remediation process … continue reading
As the pace and complexity of software development increases, organizations are looking for ways to improve the performance and effectiveness of their application security testing, including “shifting left” by integrating security testing directly into developer tools and workflows. This makes a lot of sense, because defects, including security defects, can often be addressed faster and … continue reading
When creating, testing, and deploying software, many development companies now use proprietary software and open source software (OSS). Proprietary software, also known as closed-source or non-free software, includes applications for which the publisher or another person reserves licensing rights to modify, use, or share modifications. Examples include Adobe Flash Player, Adobe Photoshop, macOS, Microsoft … continue reading
As many organizations are bolstering up their security measures, hackers have shifted their focus to smaller and more concentrated attacks, according to Daniel Fonseca, senior solutions engineer at Kiuwan in the webinar “Preventing common vulnerabilities with Kiuwan’s SAST, SCA, and QA tools.” The National Vulnerability Database (NVD) said there were over 20,000 security vulnerabilities CVE … continue reading
The World Wide Web Consortium (W3C) announced that Decentralized Identifiers (DIDs) v1.0 is now an official web standard. The new type of verifiable identifier doesn’t require a centralized registry and it will enable individuals and organizations to take better control of their online information while providing greater security and privacy, according to W3C. Users will … continue reading
In an attempt to meet companies where they are in their transition to passwordless, Stytch introduced a new password-based authentication solution “rebooted for the modern era.” The idea behind the solution is to create a way for companies to ease into passwordless by not quitting passwords cold turkey since a full 85% of IT and … continue reading
Rafay Systems launched a new open-source software project named Paralus to help keep users safe and applications secure on any Kubernetes environment for free. Paralus offers identity and access management throughout an organization by providing a single login zero-trust K8s solution to grant authorized users seamless and secure access to all clusters with a native … continue reading
Data breaches are nothing new, but they have pretty consistently increased year-over-year. Despite the massive amounts of money companies invest into security to prevent breaches, they still commonly occur. According to a report from the Identity Theft Resource Center (ITRC), 2021 saw an all-time high of data breaches, 23% more than the previous all-time high. … continue reading
Developers now encounter all kinds of tools and integrations coming at them from everywhere, for all parts of the software delivery process and an ever-increasing threat landscape. Trying to handle security with DevOps these days can sometimes leave us thinking like Ferris Bueller: “How could I be expected to handle school on a day like … continue reading
As we see an increase in use of open source software, a well-managed supply chain and secure software delivery pipelines are critical for business success, according to Nureen D’Souza, leader of Capital One’s Open-Source Program Office and speaker at cdCon 2022. “It’s important to implement a company-wide culture with security ingrained that allows developers to … continue reading
Today at Apple’s Worldwide Developers Conference (WWDC 22), Apple announced many new features for iOS, iPadOS, macOS, and Watch OS. Updates for iOS 16 focused on the lock screen which can now showcase favorite photos, customize font styles, and display a set of widgets to get information at a glance. It also expands the availability … continue reading
As a backbone of software ecosystems, security is a massive driver for acquiring new customers and ensuring they’re able to use software securely. However, maleficent forces have, and will, find their way into applications regardless of how vast or tall security gates are set up. Recently, a critical vulnerability in Apache Log4j, a popular Java … continue reading
