Topic: security

A guide to security testing tools

The following is a listing of security testing tool providers, along with a brief description of their offerings. Featured provider: HCL AppScan helps organizations pinpoint and remediate vulnerabilities throughout the software development lifecycle (SDLC) with a suite of application security testing platforms available as a cloud-based service (SaaS), self-managed, or cloud-native. Powerful static, dynamic, interactive, … continue reading

6 common patch management mistakes to avoid

Patch management is like painting or gardening: At first glance, it may seem like routine and straightforward work. But in practice, it can prove much more challenging than it looks. Just as lack of prep work can spell disaster for a paint job, or forgetting to water and weed regularly can turn your garden into … continue reading

Year in Review: Security

As we bid farewell to another year, it is crucial to reflect on the threats of cyberattacks and ransomware and think of how to mitigate them moving forward. However, this year feels a bit different – marked by the unknown of what challenges AI will bring to the security landscape in the new year.  This … continue reading

AWS launches SaaS Quick Launch for easier deployment of SaaS apps

AWS is making it easier for companies to deploy applications from the AWS Marketplace in their environment with the release of SaaS Quick Launch.  According to AWS, this new capability will solve a previous challenge of deploying applications, which could require hours to set up permissions policies and cloud infrastructure.  Manually configuring these also introduced … continue reading

CISA outlines five efforts for safely adopting AI in newly published roadmap

The Cybersecurity and Infrastructure Security Agency (CISA) has just published a roadmap for safely and responsibly utilizing AI.  This follows President Biden’s Executive Order on AI last month. “In last month’s Executive Order, the President called on DHS to promote the adoption of AI safety standards globally and help ensure the safe, secure, and responsible … continue reading

Why decentralized architectures will power next-gen virtual worlds and gaming environments

People buy digital assets in games every day. In fact, 89.5 percent of all commerce associated with gaming in 2022 was digital, per The Digital Entertainment and Retail Association. True ownership of those digital assets, however, remains a huge, intrinsic problem for the gaming industry.  In practice, the sales of these assets are more akin … continue reading

Microsoft’s Secure Future Initiative promises to address emerging and evolving security landscape

In response to the “increasing speed, scale, and sophistication of cyberattacks,” Microsoft has announced its Secure Future Initiative.  “The past year has brought to the world an almost unparalleled and diverse array of technological change,” Brad Smith, vice chair and president of Microsoft, wrote in a blog post.  “Advances in artificial intelligence are accelerating innovation … continue reading

GitGuardian unveils “HasMySecretLeaked” to bring leak detection to DevOps pipelines

GitGuardian introduced a free tool called ‘HasMySecretLeaked’ to assist security engineers in proactively checking if their organization’s confidential information has been exposed on GitHub.com.  This tool addresses the challenge of safeguarding secrets in the cloud-native application development realm, where organizations struggle with secrets spreading across developer tools. According to the company, these secrets are also … continue reading

Google enables passkeys as default authentication method in Google Accounts

Google is making passkeys more accessible by offering them as the default option for authentication across personal Google Accounts. In the future, when users log in to their accounts, they will be prompted to create and use passkeys for easier sign-ins. Additionally, the “Skip password when possible” option in Google Account settings will be enabled. … continue reading

SD Times Open-Source Project of the Week: OpenPubkey

OpenPubkey is an open-source cryptographic protocol that hopes to strengthen security in the open source ecosystem. It makes use of the authentication framework OpenID Connect, enabling users to sign artifacts using their OpenID identity. This enables the use of supply chain security features like signed builds, deployments, and code commits.  It was developed at BastionZero, … continue reading

Sonatype shines light on current state of supply chain security in latest report

In 2023, there was an 18% decline in the number of open-source projects that are considered to be “actively maintained.” This is according to Sonatype’s Annual State of the Software Supply Chain Report.  The report claims that only 11% of open-source projects are actually actively maintained.  Despite these flaws, Sonatype still says that 96% of … continue reading

SD Times Open-Source Project of the Week: Wolfi

The primary goal behind Wolfi, which was announced a year ago, is to create secure, hardened containers with zero known CVEs, according to the project maintainers in a post.  Since its release, the team of maintainers at Chainguard, along with community contributors, has been focused on aiding developers in addressing software supply chain security challenges. … continue reading
