Topic: security

Stytch launches modernized Passwords

In an attempt to meet companies where they are in their transition to passwordless, Stytch introduced a new password-based authentication solution “rebooted for the modern era.” The idea behind the solution is to create a way for companies to ease into passwordless by not quitting passwords cold turkey since a full 85% of IT and … continue reading

Rafay Systems launches new open-source Kubernetes project

Rafay Systems launched a new open-source software project named Paralus to help keep users safe and applications secure on any Kubernetes environment for free. Paralus offers identity and access management throughout an organization by providing a single login zero-trust K8s solution to grant authorized users seamless and secure access to all clusters with a native … continue reading

How obfuscation can help with data breach mitigation

Data breaches are nothing new, but they have pretty consistently increased year-over-year. Despite the massive amounts of money companies invest into security to prevent breaches, they still commonly occur. According to a report from the Identity Theft Resource Center (ITRC), 2021 saw an all-time high of data breaches, 23% more than the previous all-time high.  … continue reading

If you don’t stop to secure DevOps as part of your VSM, you could miss it

Developers now encounter all kinds of tools and integrations coming at them from everywhere, for all parts of the software delivery process and an ever-increasing threat landscape.  Trying to handle security with DevOps these days can sometimes leave us thinking like Ferris Bueller: “How could I be expected to handle school on a day like … continue reading

How Capital One is strengthening the software supply chain

As we see an increase in use of open source software, a well-managed supply chain and secure software delivery pipelines are critical for business success, according to Nureen D’Souza, leader of Capital One’s Open-Source Program Office and speaker at cdCon 2022. “It’s important to implement a company-wide culture with security ingrained that allows developers to … continue reading

WWDC 22 introduces better collaboration and focus capabilities along with Passkey security

Today at Apple’s Worldwide Developers Conference (WWDC 22), Apple announced many new features for iOS, iPadOS, macOS, and Watch OS.  Updates for iOS 16 focused on the lock screen which can now showcase favorite photos, customize font styles, and display a set of widgets to get information at a glance. It also expands the availability … continue reading

Log4j is just the beginning – Secure your software with no-code DevOps orchestration

As a backbone of software ecosystems, security is a massive driver for acquiring new customers and ensuring they’re able to use software securely. However, maleficent forces have, and will, find their way into applications regardless of how vast or tall security gates are set up.   Recently, a critical vulnerability in Apache Log4j, a popular Java … continue reading

Lack of automation leaves companies vulnerable to attacks like Log4Shell and Spring4Shell

Sonatype found that nearly 70% of dependency management decisions are suboptimal in a study that evaluated 100,000 production applications and 4,000,000 open-source component migrations.  A large part of this is due to lack of security automation, explained Ax Sharma, senior security researcher, and advocate at Sonatype, in a webinar called “The Impact of Zero-Day Attacks … continue reading

SD Times Open-Source Project of the Week: CAS

Community Attestation Service (CAS) is an open-source service that helps users secure their software and is powered by Codenotary’s digital identity infrastructure. The project lets them create a Software Bill of Materials, notarize containers, and let others verify by running and provides a way to view notarized assets’ immutable history in immudb. CAS stores all … continue reading

Apple, Google, and Microsoft commit to expanding their support for FIDO Alliance

Apple, Google, and Microsoft today announced plans to expand support for a common passwordless sign-in standard created by the FIDO Alliance and the World Wide Web Consortium.  Whereas previous implementations of passwordless verification required users to sign in to each website or app with each device before they can use passwordless functionality, now users will … continue reading

Sysdig releases new vulnerability prioritization feature

Sysdig announced the release of Risk Spotlight, a vulnerability prioritization feature based on runtime intelligence. The feature enables teams to reduce vulnerabilities by 95% and allows developers to focus on shipping applications faster, according to Sysdig.  It also delivers vulnerability details such as CVSS vector from multiple sources, the fix version, and links to publicly … continue reading

How to avoid the top 7 Java security pitfalls

Even before the Log4j vulnerability led to the targeting of nearly one-half of global corporate networks, Java applications have presented abundant opportunities for hackers. After all, there are so many components to protect – server-side logic, client-side logic, data storage, data transportation, APIs and others – that it’s daunting to defend everything. In fact, serious … continue reading

HTML Snippets Powered By : XYZScripts.com

Get access to this and other exclusive articles for FREE!

There's no charge and it only takes a few seconds.

Sign up now!