Topic: security

Microsoft’s Secure Future Initiative promises to address emerging and evolving security landscape

In response to the “increasing speed, scale, and sophistication of cyberattacks,” Microsoft has announced its Secure Future Initiative.  “The past year has brought to the world an almost unparalleled and diverse array of technological change,” Brad Smith, vice chair and president of Microsoft, wrote in a blog post.  “Advances in artificial intelligence are accelerating innovation … continue reading

GitGuardian unveils “HasMySecretLeaked” to bring leak detection to DevOps pipelines

GitGuardian introduced a free tool called ‘HasMySecretLeaked’ to assist security engineers in proactively checking if their organization’s confidential information has been exposed on  This tool addresses the challenge of safeguarding secrets in the cloud-native application development realm, where organizations struggle with secrets spreading across developer tools. According to the company, these secrets are also … continue reading

Google enables passkeys as default authentication method in Google Accounts

Google is making passkeys more accessible by offering them as the default option for authentication across personal Google Accounts. In the future, when you log in to your account, users will be prompted to create and use passkeys for easier sign-ins. Additionally, the “Skip password when possible” option in Google Account settings will be enabled. … continue reading

SD Times Open-Source Project of the Week: OpenPubkey

OpenPubkey is an open-source cryptographic protocol that hopes to strengthen security in the open source ecosystem. It makes use of the authentication framework OpenID Connect, enabling users to sign artifacts using their OpenID identity. This enables the use of supply chain security features like signed builds, deployments, and code commits.  It was developed at BastionZero, … continue reading

Sonatype shines light on current state of supply chain security in latest report

In 2023, there was an 18% decline in the number of open-source projects that are considered to be “actively maintained.” This is according to Sonatype’s Annual State of the Software Supply Chain Report.  The report claims that only 11% of open-source projects are actually actively maintained.  Despite these flaws, Sonatype still says that 96% of … continue reading

SD Times Open-Source Project of the Week: Wolfi

The primary goal behind Wolfi, which was announced a year ago, is to create secure, hardened containers with zero known CVEs, according to the project maintainers in a post.  Since its release, the team of maintainers at Chainguard, along with community contributors, has been focused on aiding developers in addressing software supply chain security challenges. … continue reading

Google Play updated with new features to keep users safer

Over the past few months, Google has provided updates on its significant privacy and security efforts, aiming to assist users in adapting to forthcoming changes and utilizing new tools and resources, such as improved account data transparency and controls available in the app’s Data Safety section and the introduction of new functionality for Android 14.  Google … continue reading

National Insider Threat Awareness Month (NITAM) focuses on insider threats

National Insider Threat Awareness Month (NITAM) is an annual event taking place in September. First held in 2019, its purpose is to educate both government and industry sectors about the dangers of those threats and the importance of programs to deal with the issue. Insider Threat Programs.  This year, NITAM 2023 focuses on the theme … continue reading

JFrog adds new ML model management and security capabilities

JFrog users can look forward to some new products across the company’s vast portfolio of DevOps products. At its SwampUP conference today, the company announced new management capabilities for machine learning (ML) models and released a new tool for writing and releasing secure applications. The new ML capabilities enable companies to detect and block malicious … continue reading

CISA releases roadmap for securing open-source software

Securing software supply chains has been a big focus of the Biden administration. In May 2021 President Joe Biden signed an executive order to improve cybersecurity, and since then it has made progress in providing guidance to companies on how to actually meet these cybersecurity goals.  Now the U.S. federal Cybersecurity & Infrastructure Security Agency … continue reading

NIST publishes new draft framework for integrating supply chain security into CI/CD pipelines

The National Institute of Standards and Technology (NIST) published a new draft document that outlines strategies for integrating software supply chain security measures into CI/CD pipelines.  Cloud-native applications typically use a microservices architecture with a centralized infrastructure like a service mesh. These applications are often developed using DevSecOps, which uses CI/CD pipelines to guide software … continue reading

SD Times Open-Source Project of the Week: Contrast Security Generative AI Policy

The main goal of this project created by Contrast Security is to create a clear and usable policy for managing privacy and security risks when utilizing Generative AI and Large Language Models (LLMs) in organizations, according to the project’s GitHub page.  The policy primarily aims to address several key concerns: 1. Avoid situations where ownership … continue reading Protection Status