As many organizations bolster their security measures, hackers have shifted their focus to smaller and more concentrated attacks, according to Daniel Fonseca, senior solutions engineer at Kiuwan, in the webinar “Preventing common vulnerabilities with Kiuwan’s SAST, SCA, and QA tools.” The National Vulnerability Database (NVD) said there were over 20,000 security vulnerabilities CVE …
The World Wide Web Consortium (W3C) announced that Decentralized Identifiers (DIDs) v1.0 is now an official web standard. The new type of verifiable identifier doesn’t require a centralized registry and it will enable individuals and organizations to take better control of their online information while providing greater security and privacy, according to W3C. Users will …
In an attempt to meet companies where they are in their transition to passwordless, Stytch introduced a new password-based authentication solution “rebooted for the modern era.” The idea behind the solution is to create a way for companies to ease into passwordless by not quitting passwords cold turkey since a full 85% of IT and …
Rafay Systems launched a new open-source software project named Paralus to help keep users safe and applications secure on any Kubernetes environment for free. Paralus offers identity and access management throughout an organization by providing a single login zero-trust K8s solution to grant authorized users seamless and secure access to all clusters with a native …
Data breaches are nothing new, but they have pretty consistently increased year-over-year. Despite the massive amounts of money companies invest into security to prevent breaches, they still commonly occur. According to a report from the Identity Theft Resource Center (ITRC), 2021 saw an all-time high of data breaches, 23% more than the previous all-time high. …
Developers now encounter all kinds of tools and integrations coming at them from everywhere, for all parts of the software delivery process and an ever-increasing threat landscape. Trying to handle security with DevOps these days can sometimes leave us thinking like Ferris Bueller: “How could I be expected to handle school on a day like …
As we see an increase in use of open source software, a well-managed supply chain and secure software delivery pipelines are critical for business success, according to Nureen D’Souza, leader of Capital One’s Open-Source Program Office and speaker at cdCon 2022. “It’s important to implement a company-wide culture with security ingrained that allows developers to …
Today at Apple’s Worldwide Developers Conference (WWDC 22), Apple announced many new features for iOS, iPadOS, macOS, and watchOS. Updates for iOS 16 focused on the lock screen, which can now showcase favorite photos, customize font styles, and display a set of widgets to get information at a glance. It also expands the availability …
As a backbone of software ecosystems, security is a massive driver for acquiring new customers and ensuring they’re able to use software securely. However, malicious forces have found, and will find, their way into applications regardless of how vast or tall the security gates are. Recently, a critical vulnerability in Apache Log4j, a popular Java …
Sonatype found that nearly 70% of dependency management decisions are suboptimal in a study that evaluated 100,000 production applications and 4,000,000 open-source component migrations. A large part of this is due to a lack of security automation, explained Ax Sharma, senior security researcher and advocate at Sonatype, in a webinar called “The Impact of Zero-Day Attacks …
Community Attestation Service (CAS) is an open-source service that helps users secure their software and is powered by Codenotary’s digital identity infrastructure. The project lets them create a Software Bill of Materials, notarize containers, and let others verify by running and provides a way to view notarized assets’ immutable history in immudb. CAS stores all …
Apple, Google, and Microsoft today announced plans to expand support for a common passwordless sign-in standard created by the FIDO Alliance and the World Wide Web Consortium. Whereas previous implementations of passwordless verification required users to sign in to each website or app with each device before they can use passwordless functionality, now users will …