Recent large-scale attacks on enterprise and infrastructure security have led the federal government and private businesses to rethink the way they manage security. Last month’s ransomware attack on the Colonial Pipeline shut down the main part of its network for five days, affecting fuel supplies across the United States. Additionally, an attack on SolarWinds infrastructure … continue reading
As organizations look towards DevSecOps as a way to infuse security throughout the software development life cycle while at the same time accelerating releases, more sides of the business have their hands on deck regarding security. However, it’s still the security side that’s on the hook when a major breach happens. “People like to say … continue reading
Spectral’s newly released Preflight solution is an open-source tool designed to help developers defend against supply chain attacks by automatically verifying and safely executing a user’s CI and third-party scripts. The solution queries popular anti-malware services to verify and block binaries if they contain malware. “Hackers have become increasingly sophisticated, with a variety of tools, … continue reading
Application security initiatives and programs are getting good at getting down to where an organization’s data lives and protecting it against threats, but that is only one piece of the security puzzle. With limited amounts of time, resources and people available to tackle security, organizations have had to prioritize what gets protected. “For instance, an … continue reading
Too many companies are missing a key software component in their businesses: their software bill of materials (SBOM). An SBOM is a list of all the components that make up a piece of software. According to Brian Fox, chief technology officer at Sonatype, while some may think it is a trivial requirement, it provides transparency … continue reading
Amazon Redshift ML is now generally available. The cloud data warehouse enables users to create machine learning models and make predictions from data directly from their Amazon Redshift cluster. Users just have to use a simple SQL query to specify what data they want to use to train their model as well as the output … continue reading
The SaaS security company Detectify last week announced the general availability of its standalone application security tool: Ugly Duckling. The tool is designed to make it easier for ethical hackers to share their latest findings on vulnerabilities and then integrate them into automated security tests on Detectify’s platform. It provides the tools to create more test … continue reading
The newly announced OpenAI Startup Fund is investing $100 million to partner with a small number of early-stage startups that are involved in fields that have a lot of potential for AI like health care, climate change and education. The companies in the fund will also get early access to future OpenAI systems, support from … continue reading
The SmartBear and application stability management company Bugsnag announced new error monitoring capabilities designed to improve collaboration and team alignments. The features are designed to support code ownership and accelerate the debugging process, especially for large engineering teams, according to the company. “Most apps have a variety of engineers, including separate engineering teams, working from … continue reading
Atlassian announced that its next-generation cloud app development platform, Forge, is now generally available. Forge has been in beta since the beginning of 2020 and is designed to handle many of the maintenance aspects of app creation such as compliance, data management practices, scaling performance and security. “Forge is the culmination of over 2 years … continue reading
The global IT service company Tata Consultancy Services (TCS) announced that the ninth season of its TCS CodeVita won a Guinness World Record for being the world’s largest computer programming competition totaling 136,054 participants. The 2021 competition brought together college students from around the world to see who ranked among the top student programmers globally. … continue reading
Microsoft announced a new open-source initiative, SimuLand, to help security researchers deploy lab environments that reproduce well-known techniques used in attack scenarios. Participants can use the labs to then test the effectiveness of Microsoft 365 Defender, Azure Defender, and Azure Sentinel detections. The simulation steps are mapped to detection queries and alerts to the aforementioned … continue reading