Signal Sciences today announced the availability of its Signal Sciences Web Protection Platform (WPP). WPP is new platform designed to provide threat protection for web applications, APIs, and microservices on any platform. This platform launch comes on the heels of Signal Sciences’ announcement of a $15 million series B funding round led by CRV. Signal … continue reading
In order for teams to spot security problems and vulnerabilities in their code, Rogue Wave is updating its static code analysis tool with a new security report, new Java checkers, extensive updates to its CERT taxonomy, and more. Rogue Wave’s Klocwork 2017.1 is the company’s latest release, and it introduces a new built-in graphical security … continue reading
Black Duck, a company that serves up information about the latest security vulnerabilities on open source components, released its 2017 Open Source Security and Risk Analysis (OSSRA) today. The OSSRA revealed significant risks related to open-source vulnerabilities and license-compliance challenges, as well as high levels of risk in the retail and ecommerce industry. According to … continue reading
The Open Web Application Security Project (OWASP) released its Top 10 2017 project for public comment. This is the 14th year OWASP is raising awareness of security risks with its list, and it contains two major vulnerability updates, example attack scenarios, and a list of free and open resources for security-conscious developers. When Jeff Williams, OWASP … continue reading
Developers will never be responsible for all of security in an organization, but if they keep up with best practices, resources, and find new ways to secure and deliver good code, they could play a key role in developing resilient software. Today, most firms have a software security group (or SSG) or a product security … continue reading
Apple has announced iOS 10.3 with the highly requested “Find my AirPods” feature, new Apple File System (APFS) implementation, and a number of developer improvements. Other enhancements include bug fixes and touch ID authentication for its Numbers, Pages, and Keynote productivity apps. The latest version of the mobile operating system went through seven beta versions … continue reading
From LinkedIn to Yahoo, companies fell into the hands of hackers and identity thieves in 2016. Each year, companies seem to make the same security resolutions, only to face roadblocks like skill shortages, time constraints and budget issues, which prevent them from implementing good security practices. Experts recommended companies consider the following trends and predictions … continue reading
Intel is beginning to square in on AI with the announcement of a single cross-Intel organization: The Artificial Intelligence Products Group (AIPG). According to the company, AIPG strengthens its focus on AI, and will include engineering, labs, software and resources as it continues to work on its AI portfolio: The Intel Nervana platform. In addition, … continue reading
The world of Internet-connected devices targeted at children is a magical one. Toy dinosaurs can learn and communicate with a growing child, teddy bears can transmit messages overseas to military parents, and talking dolls can communicate with children via speech recognition software. But this connectedness comes with a price. Recent hacks on IoT toys are … continue reading
There’s a new kind of journal aimed at communication of machine learning results, and OpenAI is supporting its launch. Distill is a website and a set of tools that makes it easier for people to explain machine learning concepts, according to an OpenAI blog. OpenAI research scientist Andrej Karpathy will serve on the steering committee … continue reading
The DevOps community is struggling with bringing security into the organization and across the software development life cycle (SDLC). However, new research from Sonatype reveals that while companies continue to face breaches, mature development organizations finally realize how critical it is to weave automated security early in the SDLC. Sonatype, a software automation and security … continue reading