Topic: security

EFF has privacy concerns about Android Q

The upcoming version of the Android operating system is taking a strong focus on privacy, but the Electronic Frontier Foundation (EFF) believes it could still do better. Despite Android Q’s efforts to protect users, the EFF says the operating system still favors ad trackers over users.  Android Q’s new privacy features include: user control over … continue reading

Facebook fined $5 billion over privacy breaches

Data privacy is starting to be taken more seriously. The U.S. Federal Trade Commission today announced Facebook will be fined a record-breaking $5 billion for violating its users’ privacy. This comes just days after the FTC and Equifax came to a $575 million agreement for its 2017 data breach.  RELATED CONTENT:  GDPR … continue reading

Report: The costs of data breaches are rising

The costs of data breaches are continuing to rise. A new report has found the cost has risen 12 percent over the last five years and now costs $3.92 million on average per breach. Last year, the average cost was $3.86 million.  According to the report, the formation of an incident response team, extensive use … continue reading

Equifax agrees to pay at least $575 million in data breach settlement

Equifax will finally have to pay for its 2017 data breach, which compromised up to 147 million users and exposed sensitive information like credit card numbers, social security numbers, names, birthdays and addresses. The Federal Trade Commission (FTC) has revealed Equifax has agreed to pay at least $575 million as part of a global settlement … continue reading

Microsoft turns to Rust for safer code

Microsoft is starting to explore new programming languages to protect against security vulnerabilities. The company revealed it is turning to the systems programming language Rust to help developers build more reliable and efficient software.  Microsoft has long turned to languages like C++ and C# in their security efforts. C# has helped protect against memory corruption … continue reading

Orasi Software and Saltworks Security enter into partnership with open source security leader Sonatype

Orasi Software, a DevOps technology and consulting firm that ensures confident delivery of transformative applications that grow and simplify business, today announced that Orasi and Saltworks Security, an Orasi Company, have entered into a cooperative partnership with Sonatype, an innovator in open source code governance. For the partnership, Orasi and Saltworks will promote Sonatype’s open … continue reading

A developer’s guide to key storage providers

As a developer, you specialize in code – not security.  However, as DevOps continues to blend roles and responsibilities, the typical software developer has become responsible for more and more operational aspects like security. A core component of application and IoT security is code signing. Let’s start with a basic definition. Code signing is a … continue reading

Report: Not all open-source software is created equal

While open-source software is an integral part of software development today, security continues to be an issue. A recently released report revealed a 71 percent increase in open-source security-related breaches over the last five years. In addition, 25 percent of organizations reported a confirmed or suspected open-source software-related breach.  RELATED CONTENT: Open source … continue reading

SD Times news digest: GitHub acquires Pull Panda, Cloudflare introduces advanced cryptographic library, and Raspberry Pi 4 Model B

GitHub acquired Pull Panda to help teams create more efficient and effective code review workflows on GitHub. The financial terms were not revealed by the companies.  According to the company, Pull Panda advances code reviews through Pull Reminders, which sends a notification through Slack when a collaborator needs review; Pull Analytics, which offers real-time insight into … continue reading

GitLab turns its focus to DevSecOps

GitLab is taking the next steps in its DevOps initiative with the announcement that it is integrating security into its single application. The company is also releasing auto remediation, security dashboards and plans to release security approvals in an upcoming update. “The advantages of a single application are numerous: A single sign-on eliminates the need … continue reading

Google adds new level of privacy and insight to data with open-source project

Google has announced the open-source availability of its Private Join and Compute project. Private Join and Compute is a type of secure multi-party computation designed to help organizations work with confidential data sets. The project is a part of the company’s mission to help organizations do more with data while keeping users’ data as safe … continue reading

HackerOne: The top 10 security vulnerabilities

Companies are paying the highest amount of bounties to fix cross-site scripting (XSS), improper authentication and information disclosure vulnerabilities. Meanwhile, some cloud-based vulnerabilities such as server-side request forgery (SSRF), in which an attacker can abuse functionality on the server to read or update internal resources, are seeing an uptick in bounties. This is according to … continue reading
