JFrog users can look forward to some new products across the company’s vast portfolio of DevOps products. At its SwampUP conference today, the company announced new management capabilities for machine learning (ML) models and released a new tool for writing and releasing secure applications. The new ML capabilities enable companies to detect and block malicious …
Securing software supply chains has been a big focus of the Biden administration. In May 2021 President Joe Biden signed an executive order to improve cybersecurity, and since then it has made progress in providing guidance to companies on how to actually meet these cybersecurity goals. Now the U.S. federal Cybersecurity & Infrastructure Security Agency …
The National Institute of Standards and Technology (NIST) published a new draft document that outlines strategies for integrating software supply chain security measures into CI/CD pipelines. Cloud-native applications typically use a microservices architecture with a centralized infrastructure like a service mesh. These applications are often developed using DevSecOps, which uses CI/CD pipelines to guide software …
The main goal of this project created by Contrast Security is to create a clear and usable policy for managing privacy and security risks when utilizing Generative AI and Large Language Models (LLMs) in organizations, according to the project’s GitHub page. The policy primarily aims to address several key concerns: 1. Avoid situations where ownership …
Notary, the CNCF project that provides cross-industry standards for supply chain security, has announced a major release. This brings both the Notary Project and Notation Project to version 1.0.0. Notation is a sub-project that implements Notary specifications. Included in this release are an OCI signature specification, OCI COSE signature envelope, OCI JWS signature envelope, OCI …
Fulton, Md., Aug. 21, 2023 (GLOBE NEWSWIRE) — Sonatype, the pioneer of software supply chain management, has announced new product capabilities for Sonatype Repository Firewall, Sonatype Nexus Repository and Sonatype Lifecycle. Bolstering Sonatype’s industry-leading software supply chain management platform, these enhancements are designed to give organizations greater control of their software development life cycle (SDLC) while meeting the evolving needs …
As companies across the globe race to fortify their cybersecurity defenses, they’re increasingly finding themselves navigating a complex maze when it comes to security testing. The past decade of innovation has produced an ecosystem now booming with countless tools, yet aligning these tools together, and avoiding tool sprawl, is proving to have its own set of …
Google announced that it is rolling out new tools and protections to help users stay in control of their personal information, privacy, and online safety. The “Results about you” tool has been updated and enhanced, enabling users to better manage their personal contact information on Google Search. It alerts users when their contact information appears …
The developer security company Sonar has announced an update to its platform, which will make it even easier for developers to write what Sonar calls “Clean Code,” or code that is “easy to read, maintain, understand and change through structure and consistency yet remains robust and secure to withstand performance demands.” The company has added …
Synopsys is working to make it easier for security teams to align their strategy across different projects, teams, and application security testing (AST) tools. They have released the Synopsys Software Risk Manager, which brings together security testing engines with policy-driven test orchestration and vulnerability management. According to Synopsys, Software Risk Manager allows teams to centrally …
Palo Alto Networks unveiled its CI/CD Security module which aims to offer comprehensive software delivery pipeline security integrated into code-to-cloud capabilities within Prisma Cloud’s CNAPP platform. Prisma Cloud focuses on safeguarding the CI/CD environment and effectively shielding against potential open-source vulnerabilities using software composition analysis, according to the company in a blog post. “A major …
The Rust Foundation outlined many improvements to the security structure of the language and expressed its commitment to developing tools, features, and recommendations based on security research in its Security Initiative Report. The Rust advancements follow the White House’s National Cybersecurity Strategy Implementation Plan that signals a deep civic investment in more secure programming languages like …