Topic: security

Guest View: “Done” should include security

In today’s fast-paced, digital world, cybersecurity attacks occur daily. Businesses are scrambling to protect their assets and consumers fear for the safety of their personal information. Even large enterprises with ample resources and expertise aren’t safe, with LinkedIn, Yahoo, Sony, Target and the IRS all falling victim to malicious hackers. According to recent research, the … continue reading

Google’s secure domain for apps now available

Google has announced Google Registry’s newest top-level domain (TLD), .app, is now available. The .app TLD was designed for apps and app developers, and features security measures that enable developers to showcase apps to a broad audience. According to the company, having a memorable .app domain name makes it easy for users to find and … continue reading

npm, Inc. releases npm@6 package manager with new security protections

Npm, Inc. has announced the release of the npm@6 package manager. It will feature powerful new security features, such as automatic warnings when developers try to use open source code with known vulnerabilities, and ‘npm audit,’ which is an npm command that allows developers to analyze complex code and pinpoint specific vulnerabilities. A recent npm … continue reading

IBM releases new toolbox to protect AI from adversarial attacks

IBM is releasing an open-source software library to combat against adversarial attacks in deep neural networks (DNNs). DNNs are machine learning models that are capable of recognizing patterns. Current artificial intelligence techniques like recognizing objects in images, speech-to-text, and video annotation is based on DNNs. According to IBM, while DNNs are usually very accurate, they … continue reading

Survey finds frequent critical vulnerabilities in serverless open-source applications

Open-source libraries reliant on serverless architecture frequently skimp on essential security measures, according to serverless security runtime environment provider PureSec’s Ten Most Critical Security Risks in Serverless Architectures 2018 report. The analysis found critical vulnerabilities or misconfigurations that “could allow attackers to manipulate the application and perform various malicious actions” in 21 percent of 1,000 … continue reading

CA Technologies acquires SourceClear for its DevSecOps portfolio

CA Technologies announced its acquisition of software composition analysis specialists SourceClear early this week with aims to incorporate SourceClear’s SaaS-based SCA tool and proprietary vulnerability database with their Veracode cloud platform. “We are excited about what this acquisition means for our customers in terms of increased support for SCA in DevSecOps environments and the ability … continue reading

SD Times news digest: Security Compass’ SD Elements dashboards, Amazon’s Gadgets Skill API, and the Rust Reach program

Security Compass has announced new dashboards for its SD Elements platform, which aims to provide DevOps teams with a single view that shows risks from software, infrastructure security, compliance, and policy. The new insights will allow teams to better incorporate risk management and compliance into the process of creating new software. The SD Elements platform … continue reading

SD Times news digest: Cloudflare 1.1.1.1, Drupal security vulnerability, and Linux 4.16

As part of its mission to build a faster, privacy -first Internet, Cloudflare has announced the release of Cloudflare 1.1.1.1, a new DNS service. DNS is a directory of the Internet that includes a content side and a consumer side. The new service is a consumer DNS service. The company  obtained the memorable address 1.1.1.1 … continue reading

SAFECode updates its guide on best secure software development practices

The Software Assurance Forum for Excellence in Code (SAFECode) has announced the release of the Fundamental Practices for Secure Software Development: Essential Elements of a Secure Development Life Cycle Program (Third Edition). The publication is a set of best practices designed to help organizations improve their software assurance programs and encourage adoption of secure development … continue reading

IETF approves Transport Layer Security 1.3

The Internet Engineers Task Force (IETF) has announced the Transport Layer Security protocol version 1.3 is now an Internet standard. The IETF is an open standards organization whose mission is to ensure an open and transparent web. The new protocol is a security layer designed to protect the web from unauthorized access. “TLS allows client/server … continue reading

SD Times news digest: Netflix bug bounty program, InfluxData’s Apache Arrow support, and GitHub’s security alerts

Netflix is launching a public bug bounty program in order to improve the security of their solutions as well as strengthen their relationship with the security community. The program will be available through Bugcrowd. “Netflix’s goal is to deliver joy to our 117+ million members around the world, and it’s the security team’s job to … continue reading

Has DevSecOps succeeded in what it was created to accomplish?

At this point, the concept of DevOps should be familiar to everyone. But with the rise of cybersecurity attacks, organizations have seen the need to incorporate security into the mix. Thus, the idea of DevSecOps. Though the concept and practices were created with the best intentions, the number of cybersecurity attacks continues to rise, which … continue reading

DMCA.com Protection Status