Topic: security

Copado introduces new DevSecOps training module

Copado, the low-code DevOps company, today launched a new DevSecOps training module in order to make software releases faster and more secure. The module is currently available in the Copado Community. “Without DevSecOps best practices, software releases can be plagued with quality and security issues, costing more time and money post-production to correct them,” said … continue reading

Cloudera launches new data lakehouse for analytics

Cloudera announced the launch of Cloudera Data Platform (CDP) One, an all-in-one data lakehouse software for analytics and exploratory data science.  The service has built-in enterprise security and machine learning that requires no security or monitoring operations staff, helping companies move to cloud computing for analytics and data.  “Empowering everyone in your business to get … continue reading

MVP does not have to mean “Most Vulnerable Product”

Almost any company writing software today understands and glorifies the concept of Minimum Viable Product. Creating something that is just good enough for customers to successfully use it is enshrined as the most parsimonious path to profits. MVP has over time taken on additional freight as a general term connoting faster time-to-market for features or … continue reading

Checkmarx API Security released to shift API security left

Checkmarx API Security was launched to empower the partnership between the developer and AppSec teams of an organization and is delivered as part of the Checkmarx One application security platform.  Because APIs are used to access data and to call application functionality, they are easily exposed but difficult to defend which creates a large and … continue reading

New CI/CD configuration policies added to Checkov

Checkov, the open-source tool for finding infrastructure misconfigurations, has been updated with new CI/CD configuration policies. These policies can be applied across popular CI/CD frameworks like GitHub Actions, GitLab Runners, BitBucket Pipelines, CircleCI, and Argo.  Checkov has a developer-first approach to supply chain security, so it embeds these CI/CD policies directly into existing DevOps workflows … continue reading

Harness releases Security Testing Orchestration

Harness Security Testing Orchestration (STO) was launched today to help businesses deliver value quicker by increasing velocity and security in deployments. The tool automates security scanning and governance in the software delivery process. Although DevSecOps gets rid of many late-stage security concerns, it also forces developers to balance quality and speed at which to deliver … continue reading

Opsera introduces GitCustodian to protect source code repositories

The team at Opsera, the Continuous Orchestration platform for DevOps, today announced the release of Opsera GitCustodian. This new solution is intended to alert security and DevOps teams of vulnerable data found in source code repositories so that they can prevent vulnerabilities from making it to production. GitCustodian also works to automate the remediation process … continue reading

Asking developers to do security is a risk in itself without training

As the pace and complexity of software development increases, organizations are looking for ways to improve the performance and effectiveness of their application security testing, including “shifting left” by integrating security testing directly into developer tools and workflows. This makes a lot of sense, because defects, including security defects, can often be addressed faster and … continue reading

Combining Static Application Security Testing (SAST) and Software Composition Analysis (SCA) Tools

When creating, testing, and deploying software, many development companies now use proprietary software and open source software (OSS).    Proprietary software, also known as closed-source or non-free software, includes applications for which the publisher or another person reserves licensing rights to modify, use, or share modifications. Examples include Adobe Flash Player, Adobe Photoshop, macOS, Microsoft … continue reading

SAST, SCA & QA are the best tools to combat hackers’ smaller, more sophisticated attacks

As many organizations are bolstering up their security measures, hackers have shifted their focus to smaller and more concentrated attacks, according to Daniel Fonseca, senior solutions engineer at Kiuwan in the webinar “Preventing common vulnerabilities with Kiuwan’s SAST, SCA, and QA tools.” The National Vulnerability Database (NVD) said there were over 20,000 security vulnerabilities CVE … continue reading

W3C announced Decentralized Identifiers (DIDs) v1.0 as official web standard

The World Wide Web Consortium (W3C) announced that Decentralized Identifiers (DIDs) v1.0 is now an official web standard.  The new type of verifiable identifier doesn’t require a centralized registry and it will enable individuals and organizations to take better control of their online information while providing greater security and privacy, according to W3C.  Users will … continue reading

Stytch launches modernized Passwords

In an attempt to meet companies where they are in their transition to passwordless, Stytch introduced a new password-based authentication solution “rebooted for the modern era.” The idea behind the solution is to create a way for companies to ease into passwordless by not quitting passwords cold turkey since a full 85% of IT and … continue reading
