Topic: security

Necessity is the mother of the ‘Rugged DevOps’ movement

No matter how good your perimeter security is, experts agree: Your system has been breached, whether you know it or not. The costs of security flaws—cybersecurity expert Joe Franscella calls them “The Five Horsemen of the Internet Apocalypse: Scam, Extortion, Embarrassment, Theft and Death”—are enormous. So why don’t we consider security a first-class citizen in … continue reading

Google’s Android Security Rewards program, Microsoft and the legal marijuana industry, and GitHub’s pinned repository feature—SD Times news digest: June 17, 2016

It has been one year since Google added Android Security to its vulnerability rewards program. Since then, the company has received more than 250 vulnerability reports, paid more than US$550,000 to 82 individuals, and paid 15 researchers $10,000 or more. The company is now updating its Android rewards program to entice even more security researchers … continue reading

SourceClear open-sources Commit Watcher to detect vulnerabilities in commits

As a way to help developers prevent disclosure of sensitive information or help them identify potentially dangerous commits, SourceClear has open-sourced Commit Watcher, a tool that finds both accidental credential leaks and security patches before they become an issue. Commit Watcher finds interesting or potentially hazardous commits in Git projects, according to its GitHub page. … continue reading

Core Infrastructure Initiative announces investment in security tool OWASP ZAP

The Linux Foundation’s Core Infrastructure Initiative (CII) is continuing its commitment to help fund, support and improve open-source projects with a new investment. The organization has announced it is investing in the Open Web Application Security Project Zed Attack Proxy project (OWASP ZAP), a security tool designed to help developers identify vulnerabilities in their web … continue reading

Security contributions to Apache Milagro, RAD Server, and multi-window design for Android—SD Times news digest: May 12, 2016

A new Apache Software Foundation project called Milagro is currently incubating, and as of this week, it has received contributions from MIRACL, NTT Innovation Institute and NTT Labs. The organizations contributed authentication code to Milagro as a way to establish a new Internet security framework made of cryptographic service providers called Distributed Trust Authorities. The … continue reading

FileMaker 15 enables custom app development, Rancher HA simplified, and Facebook’s AI backbone—SD Times news digest: May 10, 2016

FileMaker has announced the newest release of its custom app platform, FileMaker 15, which has new features in automation, mobility, performance and security. The new features for mobility include Touch ID support, which allows developers to access their custom apps with their finger, including with 3D Touch support. There are automation and integration features that … continue reading

Learn best practices, security measures for World Password Day

This year marks the fourth annual World Password Day, and yet the old security measure of changing passwords still seems to be troubling both large and small organizations. Today is a good day to get updated on the best practices and tips for creating and securing strong passwords. The intention behind World Password … continue reading

Best practices for .NET Framework compatibility

Recent changes to the .NET Frameworks can provide developers with the tools and best practices they need to make supporting a new version of a framework easier. In a blog post, Mike Rousos, a software engineer on the .NET team, said that beginning with .NET Framework 4.0, all versions with a major version … continue reading

GitLab releases security fixes, Pants 1.0, and Sauce Labs integration for JIRA—SD Times news digest: May 3, 2016

GitLab is strongly recommending users upgrade to any of the newest versions for GitLab 8.2 through 8.7 GitLab Community Edition (CE) and Enterprise Edition (EE) because they contain security fixes. One of the security fixes is for a critical privilege escalation. GitLab said that during an internal code review, it discovered a critical security flaw … continue reading

Industry Watch: CMMI asks, ‘How YOU Doin’?’

Good software requires a good process for creating it. Good software that meets the needs of the business requires an even better process. That’s the goal of the CMMI Institute, to make sure that organizations are tracking what they do so their performance improves. The CMMI—Capability Maturity Model Integration—originated at the Software Engineering Institute at … continue reading

Dropbox’s Project Infinite, New Android 6.0 mechanisms, and Apple sees revenue decline—SD Times news digest: April 26, 2016

Today Dropbox showcased a new technology preview called Project Infinite. The goal of this project is to reimagine how people find, access and collaborate with large amounts of data, according to a Dropbox blog post. Most users work on devices with limited storage capacity, said the company, and when people work in teams, getting secure … continue reading

Google to end support for OAuth 1.0 (2LO)

Google is continuing its commitment to modern open standards. The company announced it will be shutting down support for OAuth 1.0 2-legged (2LO) by Oct. 20. “With this step, we continue to move away from legacy authentication/authorization protocols, focusing our support on modern open standards that enhance the security of Google accounts and that are … continue reading
