Open-source libraries reliant on serverless architecture frequently skimp on essential security measures, according to serverless security runtime environment provider PureSec’s Ten Most Critical Security Risks in Serverless Architectures 2018 report. The analysis found critical vulnerabilities or misconfigurations that “could allow attackers to manipulate the application and perform various malicious actions” in 21 percent of 1,000 … continue reading
CA Technologies announced its acquisition of software composition analysis specialists SourceClear early this week with aims to incorporate SourceClear’s SaaS-based SCA tool and proprietary vulnerability database with their Veracode cloud platform. “We are excited about what this acquisition means for our customers in terms of increased support for SCA in DevSecOps environments and the ability … continue reading
Security Compass has announced new dashboards for its SD Elements platform, which aims to provide DevOps teams with a single view that shows risks from software, infrastructure security, compliance, and policy. The new insights will allow teams to better incorporate risk management and compliance into the process of creating new software. The SD Elements platform … continue reading
As part of its mission to build a faster, privacy -first Internet, Cloudflare has announced the release of Cloudflare 1.1.1.1, a new DNS service. DNS is a directory of the Internet that includes a content side and a consumer side. The new service is a consumer DNS service. The company obtained the memorable address 1.1.1.1 … continue reading
The Software Assurance Forum for Excellence in Code (SAFECode) has announced the release of the Fundamental Practices for Secure Software Development: Essential Elements of a Secure Development Life Cycle Program (Third Edition). The publication is a set of best practices designed to help organizations improve their software assurance programs and encourage adoption of secure development … continue reading
The Internet Engineers Task Force (IETF) has announced the Transport Layer Security protocol version 1.3 is now an Internet standard. The IETF is an open standards organization whose mission is to ensure an open and transparent web. The new protocol is a security layer designed to protect the web from unauthorized access. “TLS allows client/server … continue reading
Netflix is launching a public bug bounty program in order to improve the security of their solutions as well as strengthen their relationship with the security community. The program will be available through Bugcrowd. “Netflix’s goal is to deliver joy to our 117+ million members around the world, and it’s the security team’s job to … continue reading
At this point, the concept of DevOps should be familiar to everyone. But with the rise of cybersecurity attacks, organizations have seen the need to incorporate security into the mix. Thus, the idea of DevSecOps. Though the concept and practices were created with the best intentions, the number of cybersecurity attacks continues to rise, which … continue reading
Cloudflare has announced a new solution for developers to deploy and execute code at the edge. Edge devices provide an entry point to an enterprise’s core network. Edge devices include routers, routing switches and integrated access devices. Cloudflare Workers enables developers to execute JavaScript code at the edge with the benefits of a cloud data … continue reading
As the volume of security threats rises, so is the efficiency of Security Operational Centers (SOC) used to combat against security breaches. A newly released report from Micro Focus found a 12 percent improvement in SOC maturity, the biggest improvement over the last five years. The report is based on the company’s Security Operations Maturity … continue reading
Chances are high that your business is home to shadow IT. The practice of using unsanctioned software on company devices isn’t done out of malice. It’s quite the opposite — users are turning to unapproved applications like chat apps, task managers, or collaboration tools in an effort to be more productive. While the intentions of … continue reading
“If you’re gonna commit a crime,” as “Slick Willie” Sutton said when asked why he robbed banks, “That’s where the money is.” Also known as “Willie the Actor” for his ability to disguise himself, Sutton stole an estimated $2 million during his 40-year robbery career. Modern-day cyber criminals have adopted this approach to digital extortion … continue reading
