Topic: security

Guest View: How compliance fits into DevOps

As security and privacy grow in importance, regulatory compliance is becoming an increasing priority for most businesses. But let’s just say it: compliance audits are not fun.  That’s especially true when it comes to engineering and development teams, who are tasked with gathering all of the relevant data – in other words, evidence – needed … continue reading

SD Times news digest: LogDNA’s Browser Logger, Rust 1.5.2.0 released, and Google Play to launch new safety section

LogDNA announced a new browser logging capability designed to enable full-stack and front-end developers to ingest frontend log data into LogDNA more efficiently to debug web applications. The new feature automatically captures errors and logs occurring in the user’s browser and allows dev teams to centralize those errors alongside server-side logs, according to the company. … continue reading

Linux Technical Advisory Board releases report on UMN patches

The Linux Technical Advisory Board (TAB) released a new report to show the remediation measures that were undertaken after researchers from the University of Minnesota (UMN) submitted compromised code submissions to the Linux kernel. UMN previously submitted many bug fixes that were merged into kernel releases as part of an, but the breach of trust … continue reading

Google celebrates World Password Day 2021 with hope for a passwordless future

Today is World Password Day 2021, and while companies are touting the best password management practices, Google is hoping someday we won’t have to worry about them at all. According to the company, even the strongest passwords can be compromised.  “You may not realize it, but passwords are the single biggest threat to your online … continue reading

Report: DevOps offers faster releases, but security still a pain point

The COVID-19 pandemic has led teams to focus on embracing DevOps technologies such as Kubernetes, ML/AI and cloud computing, and as a result, 84% of developers say they’re releasing code faster than ever before.  That was one of the key findings in GitLab’s fifth annual DevSecOps survey, which this February asked 4,300 DevOps team members … continue reading

SD Times news digest: CodeLogic’s app dependency mapping solution, TPG to acquire Boomi from Dell, and Obviously AI’s seed funding

CodeLogic announced a new automated approach that enables developers to quickly generate a centralized, living map of complex system architectures such as ServiceNow, RedHat and Linux. Developers can then use this to determine how to handle code refactoring and rewrites, and safely explore new features, according to the company.  The new solution enables developers to … continue reading

The evolution and future of cloud-native security

With the acquisition of my company, StackRox, by cloud-native technology vendor Red Hat, it seems like a good time to reflect on the state of cloud-native security.  Security in the cloud has been my life for the past five years, and it’s changed very quickly as new cloud-native platforms have taken over the industry.  We’ve … continue reading

UMN security researchers apologize to the Linux community

The University of Minnesota’s Computer Science and Engineering Department security researchers are facing intense scrutiny from the Linux community for intentionally trying to insert bugs into Linux patches. The buggy patches were a part of the research paper On the Feasibility of Stealthily Introducing Vulnerabilities in Open Source Software via Hypocrite Commits. The paper stated: … continue reading

SD Times news digest: Gremlin Automatic Service Discovery, WhiteHat Attack Surface Management, and Jamf’s same-day Apple OS support

Gremlin has added Automatic Service Discovery to its chaos engineering platform in an effort to help companies improve resilience and reduce downtime by identifying the various services running across distributed systems. “The rise in popularity of microservices necessitates services functioning as first-class citizens. The infrastructure layer is becoming more abstract and engineers are increasingly thinking … continue reading

SD Times Open-Source Project of the Week: Teller

Teller is an open-source productivity secret manager that aims to help developers with cloud-native apps and multiple cloud providers. The tool was built by developer-first cybersecurity company Spectral as a way to tackle the “last mile problem” of securing sensitive access and preventing data leaks.  With Teller, developers never have to leave their terminal to … continue reading

SD Times news digest: Android 12 Developer Preview 3, ComponentOne 2021 v1, and WhiteSource acquires Diffend

Google has announced the third developer preview of its upcoming 12.0 release. The latest preview includes a new app launch experience, new video and camera capabilities and new permissions for exact alarms that help users save battery. Developers can use new splash screen APIs and resources to manage the splash screen window’s background color, replace … continue reading

Policy as code shifts compliance left

Automating policy enforcement is a key component of ensuring development teams are releasing secure applications in today’s fast-paced, cloud-native world. Many DevSecOps teams are achieving this by utilizing policy as code.  According to Tim Hinrichs, co-founder of Styra, policy as code provides a specific file format for policy that is readable by machines, which allows … continue reading
