The past year saw a 430% increase in next-generation cyber attacks aimed at actively infiltrating open source software supply chains, according to the 2020 State of the Software Supply Chain report. In the past 12 months, 929 next-generation software supply chain attacks were recorded. By comparison, 216 such attacks were recorded between February 2015 and … continue reading
Datadog today is revealing its vision for bringing security and performance monitoring into a single platform in the form of updates and new product features for its cloud infrastructure monitoring platform. At its virtual DASH conference this week, the company announced Error Tracking, Incident Management, Compliance Monitoring and Continuous Profiler, rounding out its platform to … continue reading
The Office of the Comptroller of the Currency (OCC) assessed an $80 million civil money penalty against Capital One for its role in the 2019 hack of 100 million credit card applications. The OCC reached the decision due to “the bank’s failure to establish effective risk assessment processes prior to migrating significant information technology operations … continue reading
The Linux Foundation has announced a new collaboration effort to improve open-source security. The Open Source Security Foundation (OpenSSF) aims to consolidate industry efforts with targeted initiatives and best practices. According to the Linux Foundation, OpenSSF is committed to collaboration and working both upstream and with existing communities to advance open source security for all … continue reading
BlackBerry announced new efforts to fight against cybersecurity attacks at this week’s Black Hat USA 2020 conference. The company’s new open-source tool PE Tree is designed to significantly reduce the time and effort required to reverse engineer malware. According to the company, with the use of PE Tree, reverse engineers can view portable executable (PE) … continue reading
The OpenTelemetry .NET SDK has reached beta. Developers can now begin integrating the OpenTelemetry .NET SDK into their applications and libraries to capture and export metrics and traces. The beta release also includes instrumentation libraries for ASP.NET, ASP.NET Core, HTTP client, SQL client, and gRPC client. While functional, beta components have not gone through thorough … continue reading
Security company Veracode has announced it will be offering a Security Labs Community Edition as a free-to-use alternative to its Enterprise Edition. This new edition will allow developers to hack and patch real applications, allowing them to learn new tactics and best practices in a controlled, safe environment. The company had recently partnered with Enterprise … continue reading
Cloudflare has unveiled a new serverless solution to compete with AWS Lambda. The release of Cloudflare Workers Unbound offers a serverless platform for developers to run complicated computing workloads across the Cloudflare network and pay only for what they use. According to the company, the new solution can save users up to 75% for the … continue reading
Apple launched the Security Research Device (SRD) Program this week to help improve security for iOS users and to bring more researchers to the iPhone. It features an iPhone dedicated exclusively to security research, with unique code execution and containment policies. According to Apple, it is not meant for personal use or daily carry, and … continue reading
Software assurance and cybersecurity company GrammaTech announced it will be acquiring code analysis company JuliaSoft. According to GrammaTech, the acquisition will help it expand the reach of the CodeSonar SAST platform to Java and C#. The new language support extends the automated detection of software vulnerabilities to enterprise use cases where safety and security are … continue reading
The recently released 2020 Open Source Security and Risk Analysis (OSSRA) report, produced by the Synopsys Cybersecurity Research Center (CyRC), found that of more than 1,250 codebases analyzed in 2019, not only did virtually 100% have some open-source components, but also that an average of 70% of the code was open source, nearly double the … continue reading
Applitools added AI auto-maintenance and smart assist to its end-to-end platform. AI powered smart assist automatically analyzes large batches of test results, often numbering in the hundreds or even thousands of tests. It then removes any redundancies by grouping similar visual and functional regressions together. “Test maintenance is a painstaking and error-prone task, which is … continue reading
