Topic: security
Enterprise open source and the security of the software supply chain
In late 2021, a vulnerability was detected in the Java logging package Log4j, which is the most popular framework for logging in Java. It is used in millions of applications. Not only that, but it is used as a dependency in over 7,000 open-source projects, according to research from software security company Sonatype. Given the … continue reading
Mirage 4.0 available with updates to the compiler
The library operating system MirageOS 4.0 has been released with better integrations and a significant change in how MirageOS compiles projects. The project constructs unikernels for secure, high-performance, low-energy footprint applications across various hypervisor and embedded platforms. The MirageOS networking code powers Docker Desktop’s VPNKit and is also in use in Citrix Hypervisor, Nitrokey, Robur, … continue reading
SD Times Open-Source Project of the Week: xGitGuard
xGitGuard is a tool built by Comcast to keep inadvertently uploaded authentication secrets out of GitHub repositories that is now available as open-source software. It can be used to scan GitHub at scale and identify proprietary authentication secrets, specifically passwords, API keys, and tokens. Development teams can use xGitGuard to identify credentials in their own … continue reading
Secure Code Warrior launches GitLab integration
Secure Code Warrior, a global security organization, has joined GitLab’s global partner program. This new partnership means that Secure Code Warrior will make its learning platform available to developers on GitLab’s DevOps platform. This integration will work to enhance real-time secure coding guidance, which is an important piece of the process of detecting and fixing … continue reading
Prevention in the age of the never-ending attack surface
When we talk about progress, typically, digital advancement is at the forefront of the conversation. We want everything better, faster, more convenient, more powerful, and we want to do it for less money, time, and risk. For the most part, these “impossible” objectives are eventually met; it might take several years and multiple versions (and … continue reading
Security and usability are not mutually exclusive in mobile applications
Organizations that build or maintain mobile applications have a greater responsibility than ever to secure their applications as the number of application downloads continues to grow. 3.8 billion smartphone users accounted for 218 billion app downloads in 2020 alone. Zimperium conducted a survey last year in which 250 enterprises described the security issues they struggled … continue reading
Google Identity Services update makes it easier to implement authentication
Last year, Google announced Google Identity Services (GIS), which is a set of APIs that consolidated several identity offerings from the company. Included in the GIS development kit are the Sign in with Google button and the authentication prompt One Tap. Now, Google is adding an authorization feature to GIS to bolster the offerings of … continue reading
Report: 64% of companies were impacted by supply chain attacks mostly due to increased OSS reliance
The software industry’s reliance on open source along with a sharp increase in open source software (OSS) dependencies helped to make supply chains a major security target. 64% of organizations were impacted by a software supply chain attack in the last year according to a recent report. The report, The 2022 State of the Software … continue reading
Kong Enterprise 2.7 released with 25% improved performance
API company Kong announced the general availability of Kong Enterprise 2.7, which delivers 25% faster performance compared to previous versions, improved security, and streamlined workflows. Kong Enterprise is a service connectivity platform that enables organizations to secure, connect and orchestrate their APIs and services across cloud native, hybrid and on-premise environments. The new version achieved … continue reading
Security perimeter is no more as attack surface continues to expand
For a long time, security teams have been able to mostly rely on the safety of a security perimeter, but with things like IoT, embedded development, and now remote and hybrid work, this notion of a defensible perimeter is totally gone. Having all of these connected devices that don’t live under one network expands the … continue reading
OpenSSF announces new project for improving supply chain security
OpenSSF announced the Alpha-Omega Project to improve the security posture of open-source software by working together with software security experts. Microsoft and Google are supporting the project, which aims to improve global OSS supply chain security by working with project maintainers to systematically look for new, as-yet-undiscovered vulnerabilities in open source code with a $5 … continue reading
Codefresh Software Delivery Platform now generally available
Codefresh launched the Codefresh Software Delivery Platform (CSDP), which brings the Argo toolset, including Workflows, Events, CD, and Rollouts, into a single platform. Argo is an open-source project that Codefresh maintains that offers tools for running workflows and managing clusters in Kubernetes. “Enterprise-class tooling for Argo – built on GitOps best practices – enables faster … continue reading
