The SolarWinds and Colonial Pipeline hacks have brought security to the fore of software development. Once again. And again, our “thoughts and prayers” go out to the customers of those companies, and the companies themselves, harmed by the attacks. I say this because, not unlike the mass shootings that plague America — and please, do …
Grafana 8.0 introduces new alerts that centralize alerting information for Grafana managed alerts and alerts from Prometheus-compatible data sources within one UI and API. Grafana Labs also introduced a new data source: Alertmanager, which is in alpha and includes built-in support for Prometheus Alertmanager. Also, data sources can now send real-time updates to dashboards over a …
Apple announced a number of newly available APIs for developers, updates to the programming language Swift, App Store enhancements and new software features at its online 2021 Worldwide Developers Conference (WWDC 2021) today. “We’re thrilled to provide our developer community with powerful new tools and technologies to help create even more compelling and higher-quality apps, …
Checkmarx is the global leader in providing software security solutions that unify with modern application development initiatives like DevOps to reduce and remediate risk from software vulnerabilities. Checkmarx delivers the industry’s most comprehensive suite of Application Security Testing solutions and is trusted by more than 40 of the Fortune 100 companies and half of the …
Robert Haynes, open source and SCA evangelist at Checkmarx. As the Application Security Testing (AST) pioneer and leader, Checkmarx has been relentless in our mission to continuously innovate, leading the industry with solutions that measurably improve security for software-driven organizations that develop their own applications. The Checkmarx suite of AST solutions fits perfectly into modern …
Recent large-scale attacks on enterprise and infrastructure security have led the federal government and private businesses to rethink the way they manage security. Last month’s ransomware attack on the Colonial Pipeline shut down the main part of its network for five days, affecting fuel supplies across the United States. Additionally, an attack on SolarWinds infrastructure …
As organizations look towards DevSecOps as a way to infuse security throughout the software development life cycle while at the same time accelerating releases, more sides of the business have their hands on deck regarding security. However, it’s still the security side that’s on the hook when a major breach happens. “People like to say …
Spectral’s newly released Preflight solution is an open-source tool designed to help developers defend against supply chain attacks by automatically verifying and safely executing a user’s CI and third-party scripts. The solution queries popular anti-malware services to verify and block binaries if they contain malware. “Hackers have become increasingly sophisticated, with a variety of tools, …
Application security initiatives and programs are getting good at getting down to where an organization’s data lives and protecting it against threats, but that is only one piece of the security puzzle. With limited amounts of time, resources and people available to tackle security, organizations have had to prioritize what gets protected. “For instance, an …
Too many companies are missing a key software component in their businesses: their software bill of materials (SBOM). A SBOM is a list of all the components that make up a piece of software. According to Brian Fox, chief technology officer at Sonatype, while some may think it is a trivial requirement, it provides transparency …
Amazon Redshift ML is now generally available. The cloud data warehouse enables users to create machine learning models and make predictions from data directly from their Amazon Redshift cluster. Users just have to use a simple SQL query to specify what data they want to use to train their model as well as the output …
The SaaS security company Detectify last week announced the general availability of its standalone application security tool: Ugly Duckling. The tool is designed to make it easier for ethical hackers to share their latest findings on vulnerabilities and then integrate them into automated security tests on Detectify’s platform. It provides the tools to create more test …