Topic: security

The key to successful secrets management is to make the best way the easiest way

Most organizations understand the value of secrets management — which is the practice of securely storing development credentials like API keys, certificates, and SSH keys — but not all organizations are following secure secrets management practices. According to the secrets management provider Bitwarden’s 2024 developer survey, which polled 600 developers across different industries, 86% of … continue reading

Red Hat Trusted Software Supply Chain gets updated with three new offerings

Red Hat is expanding its Red Hat Trusted Software Supply Chain solution with new offerings that will enable customers to ensure software components are verified and secured.  The first new addition is Red Hat Trusted Artifact Signer, now generally available, which allows developers to cryptographically sign and verify application artifacts with a keyless certificate authority.  … continue reading

Report: Java is the language that’s most prone to third-party vulnerabilities

According to Datadog’s State of DevSecOps 2024 report, 90% of Java services have at least one or more critical or higher severity vulnerabilities.  This is compared to around 75% for JavaScript services, 64% for Python, and 50% for .NET. The average for all languages studied was 47% The company found that Java services are also … continue reading

Implement a good secrets management practice to reduce your security risk

Supply chain security has been a big topic of conversation over the past several years, and while many of the conversations have revolved around insecure third-party components in codebases, there’s another part of the supply chain that could have a negative impact if not secured properly: secrets.  Max Power, product lead for Bitwarden Secrets Manager, … continue reading

Synopsys hopes to mitigate upstream risks in software supply chains with new SCA tool

Synopsys has released a new solution to help companies manage upstream risks of software supply chains. Black Duck Supply Chain Edition does software composition analysis (SCA) that makes use of a number of security analysis techniques to determine the components in a piece of software, such as package dependency, CodePrint, snippet, binary, and container analysis.  … continue reading

premium The importance of security testing

With more development teams today using open-source and third-party components to build out their applications, the biggest area of concern for security teams has become the API. This is where vulnerabilities are likely to arise, as keeping on top of updating those interfaces has lagged. In a recent survey, the research firm Forrester asked security … continue reading

Open source in 2024: Tackling challenges related to security, AI, and long-term sustainability

The first piece of open source code was published just over 70 years ago, and now open-source software finds itself in almost every application that exists today.  A 2024 report from Synopsys found that the average application has over 500 open source components in it, and most recent industry reports show that over 95% of … continue reading

Google Safe Browsing now performs real-time checks in privacy-preserving manner

Google has announced a new way to further protect its privacy-minded users who are browsing using Google Safe Browsing, which is a Google Search setting that warns users when they may be entering a potentially dangerous site.  While it has warned users about harmful sites across 5 billion devices since its launch 15 years ago, … continue reading

New Relic adds proof-of-exploit reporting to its IAST tool

New Relic has introduced enhanced features to its Interactive Application Security Testing (IAST) tool, including a novel proof-of-exploit reporting function for more effective application security testing.  This update allows New Relic’s users to pinpoint exploitable vulnerabilities within their applications, allowing them to replicate issues for easier remediation before they release new software versions. This advancement … continue reading

Biden-Harris Administration to require secure software development attestation form for government software

As part of its ongoing efforts to improve cybersecurity, the Biden-Harris Administration has announced that it has approved a secure software development attestation form. The form, which was jointly developed by CISA and the Office of Management and Budget (OMB), will be required to be filled out by any company providing software that the Government … continue reading

WSO2 updates Identity Server with a new API that allows for browser-less authentication

WSO2 is updating its open-source identity and access management (IAM) software, Identity Server. Key highlights of Identity Server 7.0 include a new authentication API, a new visual editor, and one-click access to application templates. The new authentication API allows developers to build authentication flows that happen directly in an application rather than redirecting to a … continue reading

Report: Security suffering due to a “zombie code” apocalypse

A majority of codebases contain outdated components, or “zombie code,” which can result in unpatched vulnerabilities lingering long after they should have been fixed. According to Synopsys’ Open Source Security and Risk Analysis report, which was released today, 91% of codebases contain components that are at least 10 versions out-of-date. Furthermore, 49% of codebases contain … continue reading

DMCA.com Protection Status