Topic: security

SD Times Open-Source Project of the Week: Wolfi

The primary goal behind Wolfi, which was announced a year ago, is to create secure, hardened containers with zero known CVEs, according to the project maintainers in a post.  Since its release, the team of maintainers at Chainguard, along with community contributors, has been focused on aiding developers in addressing software supply chain security challenges. … continue reading

Google Play updated with new features to keep users safer

Over the past few months, Google has provided updates on its significant privacy and security efforts, aiming to assist users in adapting to forthcoming changes and utilizing new tools and resources, such as improved account data transparency and controls available in the app’s Data Safety section and the introduction of new functionality for Android 14.  Google … continue reading

National Insider Threat Awareness Month (NITAM) focuses on insider threats

National Insider Threat Awareness Month (NITAM) is an annual event taking place in September. First held in 2019, its purpose is to educate both government and industry sectors about the dangers of insider threats and the importance of Insider Threat Programs to deal with the issue. This year, NITAM 2023 focuses on the theme … continue reading

JFrog adds new ML model management and security capabilities

JFrog users can look forward to some new products across the company’s vast portfolio of DevOps products. At its SwampUP conference today, the company announced new management capabilities for machine learning (ML) models and released a new tool for writing and releasing secure applications. The new ML capabilities enable companies to detect and block malicious … continue reading

CISA releases roadmap for securing open-source software

Securing software supply chains has been a big focus of the Biden administration. In May 2021 President Joe Biden signed an executive order to improve cybersecurity, and since then it has made progress in providing guidance to companies on how to actually meet these cybersecurity goals.  Now the U.S. federal Cybersecurity & Infrastructure Security Agency … continue reading

NIST publishes new draft framework for integrating supply chain security into CI/CD pipelines

The National Institute of Standards and Technology (NIST) published a new draft document that outlines strategies for integrating software supply chain security measures into CI/CD pipelines.  Cloud-native applications typically use a microservices architecture with a centralized infrastructure like a service mesh. These applications are often developed using DevSecOps, which uses CI/CD pipelines to guide software … continue reading

SD Times Open-Source Project of the Week: Contrast Security Generative AI Policy

The main goal of this project created by Contrast Security is to create a clear and usable policy for managing privacy and security risks when utilizing Generative AI and Large Language Models (LLMs) in organizations, according to the project’s GitHub page.  The policy primarily aims to address several key concerns: 1. Avoid situations where ownership … continue reading

CNCF’s Notary and Notation projects get major update

Notary, the CNCF project that provides cross-industry standards for supply chain security, has announced a major release.  This brings both the Notary Project and Notation Project to version 1.0.0. Notation is a sub-project that implements Notary specifications.  Included in this release are an OCI signature specification, OCI COSE signature envelope, OCI JWS signature envelope, OCI … continue reading

Sonatype Drives Intelligent Software Security with New Product Enhancements

Fulton, Md., Aug. 21, 2023 (GLOBE NEWSWIRE) — Sonatype, the pioneer of software supply chain management, has announced new product capabilities for Sonatype Repository Firewall, Sonatype Nexus Repository and Sonatype Lifecycle. Bolstering Sonatype’s industry-leading software supply chain management platform, these enhancements are designed to give organizations greater control of their software development life cycle (SDLC) while meeting the evolving needs … continue reading

Simplify security testing from end-to-end

As companies across the globe race to fortify their cybersecurity defenses, they’re increasingly finding themselves navigating a complex maze when it comes to security testing. The past decade of innovation has produced an ecosystem now booming with countless tools, yet aligning these tools together, and avoiding tool sprawl, is proving to have its own set of … continue reading

Google has added new privacy features in Search

Google announced that it is rolling out new tools and protections to help users stay in control of their personal information, privacy, and online safety. The “Results about you” tool has been updated and enhanced, enabling users to better manage their personal contact information on Google Search. It alerts users when their contact information appears … continue reading

Sonar’s new SAST tool includes support for thousands of open-source libraries

The developer security company Sonar has announced an update to its platform, which will make it even easier for developers to write what Sonar calls “Clean Code,” or code that is “easy to read, maintain, understand and change through structure and consistency yet remains robust and secure to withstand performance demands.” The company has added … continue reading
