As companies scramble to put out patches and fixes for the recent Meltdown and Spectre vulnerabilities, Google has come up with a new technique to help developers mitigate the risks. The company has developed Retpoline, a binary modification technique designed to mitigate risks against Spectre’s branch target injection attack. “‘Retpoline’ sequences are a software construct … continue reading
Frankenstein is a monster. IT can harm the people who created it. Ergo, IT is a monster. Taking a software tool from this vendor, hardware from another vendor, using a cloud-based storage and network system, can often lead to problems not foreseen by those who approved that approach. “There’s a new philosophy of how IT … continue reading
Earlier this week it was announced that modern CPUs are suffering from two major vulnerabilities being referred to as Meltdown and Spectre. The vulnerabilities will enable attackers to access sensitive information stored on computers. “Meltdown and Spectre exploit critical vulnerabilities in modern processors. These hardware bugs allow programs to steal data which is currently processed … continue reading
Year after year businesses face challenges when it comes to security, and 2017 was no different. Instead of trying to lecture the industry about the importance of application security testing, organizations tried to find new ways to bring security front and center. The problem is that developers don’t have proper security education for today’s world … continue reading
Google is taking user privacy seriously in its expanded enforcement of its Unwanted Software Policy. The policy is designed to protect against unwanted or harmful Android app behaviors. As part of this policy, Google will start flagging apps and websites that collect user data without consent. “Apps handling personal user data (such as user phone … continue reading
In a recent survey conducted by Gartner, the organization found that the highest-ranked strategy for a successful DevOps approach was collaboration with information security. “In the past 12 months at Gartner, how to securely integrate security into DevOps — delivering DevSecOps — has been one of the fastest-growing areas of interest of clients, with more … continue reading
A survey released today by NodeSource, developers of Node.js, and Sqreen, a SaaS security solution, found that while developers are fully aware of security risks associated with operating in the open Internet, they’re lax in implementing tools for threat detection and mitigation. The survey, which looked at responses from nearly 300 Node.js users — CTOs, … continue reading
Electronic design automation company Synopsys released the findings of its 2017 Coverity Scan Report, which shows an increased of “project maturity” in the over 4,600 open source software projects analyzed based on certain secure development strategies. The 20-page report outlines Synopsys’s method of gathering user-submitted projects, encompassing approximately 760 million lines of code, and analyzing … continue reading
Coming into force on May 25, 2018 is the long-awaited European General Data Protection Regulation (GDPR), which will change how businesses handle data on their customers and employees. In this ever-evolving world of data privacy, it’s important for companies to not only gain a strong understanding of GDPR, but understand where their data is located … continue reading
The world of software development involves so much more than writing code these days. Developers need to understand artificial intelligence, the cloud, new methodologies, and the expanding infrastructure required for the Internet of Things. Here are some companies our editors are watching to lead the way. tCell WHAT THEY DO: Application security WHY WE’RE WATCHING: … continue reading
Vanguard Integrity Professionals, Inc., cybersecurity experts with cybersecurity solutions securing any enterprise, is pleased to announce the launch and immediate availability of Version 2.3 Security and Compliance software for the IBM z/OS Security Server. This version of Vanguard software improves on nearly every aspect of its predecessor offering a vast array of new features and … continue reading
If you’re not reading this on another planet or in a bunker somewhere, then you’re likely aware of the recent breach of data from credit agency Equifax. Reports indicate that unknown attackers took advantage of a vulnerability in an Equifax web application to purloin personal identifiable information from 143 million people, including Social Security numbers. … continue reading