The Linux Technical Advisory Board (TAB) released a new report to show the remediation measures that were undertaken after researchers from the University of Minnesota (UMN) submitted compromised code submissions to the Linux kernel. UMN previously submitted many big fixes that were merged into kernel releases as part of an, but the breach of trust … continue reading
Today is World Password Day 2021, and while companies are touting the best password management practices, Google is hoping someday we won’t have to worry about them at all. According to the company, even the strongest passwords can be compromised. “You may not realize it, but passwords are the single biggest threat to your online … continue reading
The COVID-19 pandemic has led teams to focus on embracing DevOps technologies such as Kubernetes, ML/AI and cloud computing, and as a result, 84% of developers say they’re releasing code faster than ever before. That was one of the key findings in GitLab’s fifth annual DevSecOps survey, which this February asked 4,300 DevOps team members … continue reading
CodeLogic announced a new automated approach that enables developers to quickly generate a centralized, living map of complex system architectures such as ServiceNow, RedHat and Linux. Developers can then use this to determine how to handle code refactoring and rewrites, and safely explore new features, according to the company. The new solution enables developers to … continue reading
With the acquisition of my company, StackRox, by cloud-native technology vendor Red Hat, it seems like a good time to reflect on the state of cloud-native security. Security in the cloud has been my life for the past five years, and it’s changed very quickly as new cloud-native platforms have taken over the industry. We’ve … continue reading
The University of Minnesota’s Computer Science and Engineering Department security researchers are facing intense scrutiny from the Linux community for intentionally trying to insert bugs into Linux patches. The buggy patches were a part of the research paper On the Feasibility of Stealthily Introducing Vulnerabilities in Open Source Software via Hypocrite Commits. The paper stated: … continue reading
Gremlin has added Automatic Service Discovery to its chaos engineering platform in an effort to help companies improve resilience and reduce downtime by identifying the various services running across distributed systems. “The rise in popularity of microservices necessitate services functioning as first-class citizens. The infrastructure layer is becoming more abstract and engineers are increasingly thinking … continue reading
Teller is an open-source productivity secret manager that aims to help developers with cloud-native apps and multiple cloud providers. The tool was built by developer-first cybersecurity company Spectral as a way to tackle the “last mile problem” of securing sensitive access and preventing data leaks. With Teller, developers never have to leave their terminal to … continue reading
Google has announced the third developer preview of its upcoming 12.0 release. The latest preview includes a new app launch experience, new video and camera capabilities and new permissions for exact alarms that help users save battery. Developers can use new splash screen APIs and resources to manage the splash screen window’s background color, replace … continue reading
Automating policy enforcement is a key component of ensuring development teams are releasing secure applications in today’s fast-paced, cloud-native world. Many DevSecOps teams are achieving this by utilizing policy as code. According to Tim Hinrichs, co-founder of Styra, policy as code provides a specific file format for policy that is readable by machines, which allows … continue reading
The warranty on your car is about to expire. Press 1 to purchase an extension. Someone has stolen your bank information. Click here to change your social security number. Your grandchild has been kidnapped. Send money to help us return the child safely. We get phishing emails like these literally all day long, and now … continue reading
I’ve spent most of my professional life convincing businesses to shift things left — shift-left testing for software, shift-left demand and supply forecasts for supply chains, shift-left analytics to understand future implications earlier than your competition. Hopefully that explains why it seems heretical for me to talk about shift-right testing at all. Will shift-right testing … continue reading
