Bug-finding software can determine if there are potential vulnerabilities in computer programs, but there is no way to figure out how many go unnoticed. Researchers at the New York University Tandon School of Engineering collaborated with the MIT Lincoln Laboratory and Northeastern University to take a new approach to this problem. The technique intentionally adds … continue reading
At GitHub, developers can now reorder issues and pull requests, and indicate priority by moving them higher or lower down their list. For developers, this is an easy way to indicate which milestones or labels in GitHub a teammate should focus on first. After a developer has grouped issues and pull requests within a milestone, they … continue reading
Today, H2O.ai announced the availability of Sparkling Water 2.0, an API for Apache Spark with new features and functionality. Sparkling Water now includes the ability to interface with Apache Spark, MLlib and Scala to give Spark users more visual capabilities. Sparkling Water 2.0 builds off of Sparkling Water, which was designed to give its users … continue reading
No matter how good your perimeter security is, experts agree: Your system has been breached, whether you know it or not. The costs of security flaws—cybersecurity expert Joe Franscella calls them “The Five Horsemen of the Internet Apocalypse: Scam, Extortion, Embarrassment, Theft and Death”—are enormous. So why don’t we consider security a first-class citizen in … continue reading
It has been one year since Google added Android Security to its vulnerability rewards program. Since then, the company has received more than 250 vulnerability reports, paid more than US$550,000 to 82 individuals, and paid 15 researchers $10,000 or more. The company is now updating its Android rewards program to entice even more security researchers … continue reading
As a way to help developers prevent disclosure of sensitive information or help them identify potentially dangerous commits, SourceClear has open-sourced Commit Watcher, a tool that finds both accidental credential leaks and security patches before they become an issue. Commit Watcher finds interesting or potentially hazardous commits in Git projects, according to its GitHub page. … continue reading
The Linux Foundation’s Core Infrastructure Initiative (CII) is continuing its commitment to help fund, support and improve open-source projects with a new investment. The organization has announced it is investing in the Open Web Application Security Project Zed Attack Proxy project (OWASP ZAP), a security tool designed to help developers identify vulnerabilities in their web … continue reading
FileMaker has announced the newest release of its custom app platform, FileMaker 15, which has new features in automation, mobility, performance and security. The new features for mobility include Touch ID support, which allows developers to access their custom apps with their finger, including with 3D Touch support. There are automation and integration features that … continue reading
This year marks the fourth annual World Password Day, and yet the old security measure of changing passwords still seems to be troubling both large and small organizations. Today makes it a good day to get updated on the best practices and tips for creating and securing strong passwords. The intention behind World Password … continue reading
Recent changes to the .NET Frameworks can provide developers with the tools and best practices they need to make supporting a new version of a framework easier. In a blog post written by Mike Rousos, a software engineer on the .NET team, he said that beginning with .NET Framework 4.0, all versions with a major version … continue reading
GitLab is strongly recommending users upgrade to any of the newest versions for GitLab 8.2 through 8.7 GitLab Community Edition (CE) and Enterprise Edition (EE) because they contain security fixes. One of the security fixes is for a critical privilege escalation. GitLab said that during an internal code review, it discovered a critical security flaw … continue reading