Topic: security

Report: Organizations fail to remediate app security vulnerabilities

Software security continues to be a top priority for organizations and development teams, but they are still struggling to address vulnerabilities in their applications. A recently released report revealed that while organizations are beginning to increase their application testing efforts, their remediation rates are falling. The 2019 WhiteHat Application Security Statistics report is based on data … continue reading

Microsoft launches new security lab and raises top bounty for Azure vulnerabilities

Microsoft is boosting its efforts to make Azure more secure with the launch of Azure Security Lab, a set of dedicated cloud hosts for security researchers to test attacks against IaaS scenarios. In addition, the cloud giant is doubling the top bounty reward for Azure vulnerabilities to $40,000. “To make it easier for security researchers … continue reading

SD Times news digest: Azure Security Center for IoT, Armory announces funding for Spinnaker, and CodeStream approved for Slack

Microsoft announced the general availability of the Azure Security Center for IoT to protect the growing number of IoT deployments. According to IDC, IoT deployments will continue to grow at double-digit rates until IoT surpasses $1 trillion in 2022. Azure Security Center provides threat intelligence, creates a list of potential threats and ranks them … continue reading

The future of application security

A crystal ball presentation on the future of application security at the Gartner Security and Risk Management Summit this year caught the eye of us in the software security space. In case you missed it, the top-line predictions were: By 2022, software composition analysis (SCA) will surpass traditional AST tools (SAST, DAST) as the primary … continue reading

Capital One data breach reaches 100 million users

Capital One is the latest company to suffer from a hack attack. A configuration vulnerability provided unauthorized access to a hacker who was able to obtain personal information of about 100 million U.S. individuals and 6 million Canadian individuals. “We believe that a highly sophisticated individual … continue reading

EFF has privacy concerns about Android Q

The upcoming version of the Android operating system is taking a strong focus on privacy, but the Electronic Frontier Foundation (EFF) believes it could still do better. Despite Android Q’s efforts to protect users, the EFF says the operating system still favors ad trackers over users.  Android Q’s new privacy features include: user control over … continue reading

Facebook fined $5 billion over privacy breaches

The importance of data privacy is starting to get more serious. The U.S. Federal Trade Commission today announced Facebook will be fined a record-breaking $5 billion for violating its users’ privacy. This comes just days after the FTC and Equifax came to a $575 million agreement for its 2017 data breach. … continue reading

Report: The costs of data breaches are rising

The costs of data breaches are continuing to rise. A new report has found the cost has risen 12 percent over the last five years and now costs $3.92 million on average per breach. Last year, the average cost was $3.86 million.  According to the report, the formation of an incident response team, extensive use … continue reading

Equifax agrees to pay at least $575 million in data breach settlement

Equifax will finally have to pay for its 2017 data breach, which compromised up to 147 million users and exposed sensitive information like credit card numbers, social security numbers, names, birthdays and addresses. The Federal Trade Commission (FTC) has revealed Equifax has agreed to pay at least $575 million as part of a global settlement … continue reading

Microsoft turns to Rust for safer code

Microsoft is starting to explore new programming languages to protect against security vulnerabilities. The company revealed it is turning to the systems programming language Rust to help developers build more reliable and efficient software.  Microsoft has long turned to languages like C++ and C# in their security efforts. C# has helped protect against memory corruption … continue reading

Orasi Software and Saltworks Security enter into partnership with open source security leader Sonatype

Orasi Software, a DevOps technology and consulting firm that ensures confident delivery of transformative applications that grow and simplify business, today announced that Orasi and Saltworks Security, an Orasi Company, have entered into a cooperative partnership with Sonatype, an innovator in open source code governance. For the partnership, Orasi and Saltworks will promote Sonatype’s open … continue reading

A developer’s guide to key storage providers

As a developer, you specialize in code – not security.  However, as DevOps continues to blend roles and responsibilities, the typical software developer has become responsible for more and more operational aspects like security. A core component of application and IoT security is code signing. Let’s start with a basic definition. Code signing is a … continue reading
