People buy digital assets in games every day. In fact, 89.5 percent of all commerce associated with gaming in 2022 was digital, per The Digital Entertainment and Retail Association. True ownership of those digital assets, however, remains a huge, intrinsic problem for the gaming industry. In practice, the sales of these assets are more akin …
In response to the “increasing speed, scale, and sophistication of cyberattacks,” Microsoft has announced its Secure Future Initiative. “The past year has brought to the world an almost unparalleled and diverse array of technological change,” Brad Smith, vice chair and president of Microsoft, wrote in a blog post. “Advances in artificial intelligence are accelerating innovation …
GitGuardian introduced a free tool called ‘HasMySecretLeaked’ to assist security engineers in proactively checking if their organization’s confidential information has been exposed on GitHub.com. This tool addresses the challenge of safeguarding secrets in the cloud-native application development realm, where organizations struggle with secrets spreading across developer tools. According to the company, these secrets are also …
Google is making passkeys more accessible by offering them as the default option for authentication across personal Google Accounts. In the future, when users log in to their accounts, they will be prompted to create and use passkeys for easier sign-ins. Additionally, the “Skip password when possible” option in Google Account settings will be enabled. …
OpenPubkey is an open-source cryptographic protocol that hopes to strengthen security in the open source ecosystem. It makes use of the authentication framework OpenID Connect, enabling users to sign artifacts using their OpenID identity. This enables the use of supply chain security features like signed builds, deployments, and code commits. It was developed at BastionZero, …
In 2023, there was an 18% decline in the number of open-source projects that are considered to be “actively maintained.” This is according to Sonatype’s Annual State of the Software Supply Chain Report. The report claims that only 11% of open-source projects are actually actively maintained. Despite these flaws, Sonatype still says that 96% of …
The primary goal behind Wolfi, which was announced a year ago, is to create secure, hardened containers with zero known CVEs, according to the project maintainers in a post. Since its release, the team of maintainers at Chainguard, along with community contributors, has been focused on aiding developers in addressing software supply chain security challenges. …
Over the past few months, Google has provided updates on its significant privacy and security efforts, aiming to assist users in adapting to forthcoming changes and utilizing new tools and resources, such as improved account data transparency and controls available in the app’s Data Safety section and the introduction of new functionality for Android 14. Google …
National Insider Threat Awareness Month (NITAM) is an annual event taking place in September. First held in 2019, its purpose is to educate both government and industry sectors about the dangers of those threats and the importance of programs to deal with the issue. Insider Threat Programs. This year, NITAM 2023 focuses on the theme …
JFrog users can look forward to some new products across the company’s vast portfolio of DevOps products. At its SwampUP conference today, the company announced new management capabilities for machine learning (ML) models and released a new tool for writing and releasing secure applications. The new ML capabilities enable companies to detect and block malicious …
Securing software supply chains has been a big focus of the Biden administration. In May 2021 President Joe Biden signed an executive order to improve cybersecurity, and since then the administration has made progress in providing guidance to companies on how to actually meet these cybersecurity goals. Now the U.S. federal Cybersecurity & Infrastructure Security Agency …
The National Institute of Standards and Technology (NIST) published a new draft document that outlines strategies for integrating software supply chain security measures into CI/CD pipelines. Cloud-native applications typically use a microservices architecture with a centralized infrastructure like a service mesh. These applications are often developed using DevSecOps, which uses CI/CD pipelines to guide software …