Sonatype: The company’s Nexus Platform automatically enforces open-source governance and controls risk across every phase of the SDLC. Fueled by Nexus Intelligence which includes in-depth security, license, and quality information on millions of open-source components across dozens of ecosystems, the platform precisely identifies open-source risk and provides expert remediation guidance, empowering developers to innovate faster. … continue reading
Brian Fox, CTO of Sonatype: Today, more than 1,200 companies rely on the Nexus platform to unite software developers, security professionals, and IT operations on the same team so they can continuously identify and remediate open-source risk, without slowing down innovation. When speed is critical, Nexus ensures that controls keep pace and that innovation prospers. … continue reading
Security has become ever more important in the development process, as vulnerabilities last year caused the 2nd, 3rd and 7th biggest breaches of all time measured by the number of people that were affected. This has exposed the industry’s need for more effective use of security tooling within software development as well as the need … continue reading
Security Compass introduced the new DevOps tool category Balanced Development Automation (BDA) in order to empower organizations to build secure digital products without compromising time to market. According to the company, development teams usually have to choose between “fast and risk” or “slow and safe.” BDA aims to improve processes that are manual, inconsistent, silo … continue reading
WhiteSource has announced it will now integrate with Microsoft Visual Studio Code Editor. According to the company, the integration gives Visual Studio Code developers visibility and security alerts on problematic open-source components while continuing to develop within their preferred development environment. “Integrating security testing pre-build allows issues to be detected earlier when they are easier … continue reading
Microsoft has released new data to show how the pandemic is accelerating the digital transformation of cybersecurity. According to the data, 58% of respondents report that they have increased their security budgets due to COVID-19, 82% plan on adding more security staff, and 81% feel pressure to lower security costs. “The role of security in … continue reading
In response to COVID-19, the Angular team announced that it will extend AngularJS LTS by 6 months until the 31st of December 2021. After the LTS ends, the AngularJS package will still be available on npm, bower, and CDNs. “With the release of version 10 of Angular we continue to move the platform forward with … continue reading
The past year saw a 430% increase in next-generation cyber attacks aimed at actively infiltrating open source software supply chains, according to the 2020 State of the Software Supply Chain report. In the past 12 months, 929 next-generation software supply chain attacks were recorded. By comparison, 216 such attacks were recorded between February 2015 and … continue reading
Datadog today is revealing its vision for bringing security and performance monitoring into a single platform in the form of updates and new product features for its cloud infrastructure monitoring platform. At its virtual DASH conference this week, the company announced Error Tracking, Incident Management, Compliance Monitoring and Continuous Profiler, rounding out its platform to … continue reading
The Office of the Comptroller of the Currency (OCC) assessed an $80 million civil money penalty against Capital One for its role in the 2019 hack of 100 million credit card applications. The OCC reached the decision due to “the bank’s failure to establish effective risk assessment processes prior to migrating significant information technology operations … continue reading
The Linux Foundation has announced a new collaboration effort to improve open-source security. The Open Source Security Foundation (OpenSSF) aims to consolidate industry efforts with targeted initiatives and best practices. According to the Linux Foundation, OpenSSF is committed to collaboration and working both upstream and with existing communities to advance open source security for all … continue reading
BlackBerry announced new efforts to fight against cybersecurity attacks at this week’s Black Hat USA 2020 conference. The company’s new open-source tool PE Tree is designed to significantly reduce the time and effort required to reverse engineer malware. According to the company, with the use of PE Tree, reverse engineers can view portable executable (PE) … continue reading
