Topic: security

Polaris Software Integrity Platform brings increased speed to security

Built on the same analysis engines as Synopsys’ Coverity and Black Duck products, Polaris fAST Static and fAST SCA services are application security testing (AST) tools integrated and delivered through the most recent version of the Polaris Software Integrity Platform. Polaris was designed to keep up with the increasing velocity of development and shortening of … continue reading

SD Times Open-Source Project of the Week: OSC&R Software Supply Chain Attack Matrix

The OSC&R (Open Software Supply Chain Attack Reference) is an open source framework for understanding and evaluating existing threats to the security of the entire software supply chain. OSC&R was created to establish a standard language and structure for comprehending and evaluating the tactics, techniques, and procedures (TTPs) utilized by attackers to breach the security of software … continue reading

Vulnerability discovered in Spring that enables DoS attacks

An Expression Denial of Service (DoS) vulnerability was found by Code Intelligence in the Spring Framework, a popular Java application development framework. “As part of our efforts to improve the security of open-source software, we continuously test open-source projects with our JVM fuzzing engine Jazzer in Google’s OSS-Fuzz. One of our tests yielded a Denial … continue reading

Code in the fast lane: Why secure developers can ship at warp speed

Skills verification has been a facet of our lives for most of the modern era, granting us validity and opening doors that wouldn’t otherwise be available. Driving, for example, is an important rite of passage for most, and we’re expected to pass a set of standardized assessments to confirm that we can be trusted with … continue reading

JFrog announced new capabilities to improve security of software releases

JFrog announced the beta of the Artifactory release lifecycle management platform to standardize and track development processes with greater accountability and security. “Organizations of all sizes are challenged to keep software up-to-date and secure while operating at the speed of business, particularly when development teams are globally distributed, which can result in a lack of … continue reading

Google announces 2023 plans for privacy for Google Play and Android

Google prides itself on its initiatives regarding security in the Android ecosystem. Over the past year it has made a lot of strides, and now the company is detailing its plans for the upcoming year. One of the areas for improvement is opening up spaces for developers to support each other. It has opened up … continue reading

What the National Cybersecurity Strategy means for software providers

The National Cybersecurity Strategy released by the Biden Administration this week includes key recommendations that significantly mitigate software supply chain risks. Specifically, the White House recommends making software providers liable for insecure software. Until now, the U.S. government has never taken such a bold stance on liability for software products at this level. The strategy … continue reading

White House reveals new plan for how U.S. addresses cybersecurity

The White House has released a new plan for ensuring security in digital ecosystems. It hopes to “reimagine cyberspace as a tool to achieve our goals in a way that reflects our values: economic security and prosperity; respect for human rights and fundamental freedoms; trust in our democracy and democratic institutions; and an equitable and … continue reading

Puppet Enterprise 2023.0 released with NIST compliance

Puppet Enterprise 2023.0 is the latest release following 2021.7. It includes NIST compliance, the ability to authenticate users in multiple Lightweight Directory Access Protocol (LDAP) domains, a streamlined user interface, and more. With NIST compliance, Puppet Enterprise 2023.0 reduces compliance risk and the risk of sensitive information being accessed. Users can customize the timeout … continue reading

SonarQube 9.9 LTS helps organizations produce clean code

SonarSource’s release of SonarQube 9.9 Long-Term Support (LTS) aims to help organizations clean their code quickly with accelerated pull request analysis, support for building and deploying secure cloud-native applications, and more. “Our mission is to equip organizations with the solution and methodology to achieve a state of Clean Code, making all code fit for development … continue reading

Time to hide your API

The need for robust API security is growing rapidly in response to the increasing dependence of organizations on APIs for their digital operations. With 70% of respondents to a report expecting to use more APIs in 2023 than last year, this presents a heightened challenge for API security, which only comprises about 4% of the … continue reading

Enterprises struggle with long-term exposure to security flaws

As the number of zero-day vulnerabilities continues to climb, enterprises are struggling to keep up with the long-term exposure to these security flaws. Recently, Rob Silvers, undersecretary for policy at the U.S. Department of Homeland Security and chair of its Cyber Safety Review Board, proclaimed that Log4j “is not over.” He noted that enterprises are … continue reading