While open-source software is an integral part of software development today, security continues to be an issue. A recently released report revealed a 71 percent increase in open-source security-related breaches over the last five years. In addition, 25 percent of organizations reported a confirmed or suspected open-source software-related breach. … continue reading
GitHub acquired Pull Panda to help teams create more efficient and effective code review workflows on GitHub. The financial terms were not revealed by the companies. According to the company, Pull Panda advances code reviews through Pull Reminders, which sends a notification through Slack when a collaborator needs review; Pull Analytics, which offers real-time insight into … continue reading
GitLab is taking the next steps in its DevOps initiative with the announcement that it is integrating security into its single application. The company is also releasing auto remediation, security dashboards and plans to release security approvals in an upcoming update. “The advantages of a single application are numerous: A single sign-on eliminates the need … continue reading
Google has announced the open-source availability of its Private Join and Compute project. Private Join and Compute is a type of secure multi-party computation designed to help organizations work with confidential data sets. The project is a part of the company’s mission to help organizations do more with data while keeping users’ data as safe … continue reading
Companies are paying the highest amount of bounties to fix cross-site scripting (XSS), improper authentication and information disclosure vulnerabilities. Meanwhile, some cloud-based vulnerabilities such as server-side request forgery (SSRF), in which an attacker can abuse functionality on the server to read or update internal resources, are seeing an uptick in bounties. This is according to … continue reading
In recent weeks, data breaches seem to have suddenly become more widespread and far reaching across the globe. In Australia, the Office of the Australian Information Commissioner (OAIC) revealed more than 10 million individuals had their information compromised in a single incident. In Singapore, thousands of Red Cross blood donors had their personal information leaked. … continue reading
A majority of organizations are vulnerable to hack attacks because they are still in the dark when it comes to their data. A newly released report reveals more than half of all data within organizations remains unclassified or untagged, which results in an organization’s inability to assess the risk or value of more than half … continue reading
Apple is changing its requirements for applications on its App Store to protect user data. Apps in the kids category, VPNs, health or fitness apps will no longer transmit data to third parties and MDM apps, and other apps can only collect data after requesting permission from the user. Additionally, apps in the kids category … continue reading
Contrast Software Contrast Assess produces accurate results without dependence on application security experts, using deep security instrumentation to analyze code in real time from within the application. It scales because it instruments application security into each application, delivering vulnerability assessment across an entire application portfolio. Contrast Assess integrates seamlessly into the software lifecycle and into … continue reading
Jeff Williams, co-founder and CTO, Contrast Security: Contrast is an integration platform for application security. We use an instrumentation-based approach, so we work from inside the running application layer. From there, we support the entire software life cycle with three things. The first thing is, we help identify vulnerabilities. Typically you want them to be … continue reading
In the midst of immense public outcry against rampant personal data collection by companies, Apple showed off a variety of new security features for its upcoming iOS 13 release at the company’s annual Worldwide Developers Conference (WWDC). The conference comes days after Apple launched a new website trying to highlight its App Store’s accomplishments while … continue reading
Many Americans seem resigned to not having control over their data profiles on the Internet. As larger and more sophisticated data breaches are reported in growing numbers, and companies such as Facebook and Google engage in mysterious data activities, technology users are left not knowing who’s got their data, or what they’re going to do … continue reading