The main goal of this project created by Contrast Security is to create a clear and usable policy for managing privacy and security risks when utilizing Generative AI and Large Language Models (LLMs) in organizations, according to the project’s GitHub page. The policy primarily aims to address several key concerns: 1. Avoid situations where ownership …
Notary, the CNCF project that provides cross-industry standards for supply chain security, has announced a major release. This brings both the Notary Project and Notation Project to version 1.0.0. Notation is a sub-project that implements Notary specifications. Included in this release are an OCI signature specification, OCI COSE signature envelope, OCI JWS signature envelope, OCI …
Fulton, Md., Aug. 21, 2023 (GLOBE NEWSWIRE) — Sonatype, the pioneer of software supply chain management, has announced new product capabilities for Sonatype Repository Firewall, Sonatype Nexus Repository and Sonatype Lifecycle. Bolstering Sonatype’s industry-leading software supply chain management platform, these enhancements are designed to give organizations greater control of their software development life cycle (SDLC) while meeting the evolving needs …
As companies across the globe race to fortify their cybersecurity defenses, they’re increasingly finding themselves navigating a complex maze when it comes to security testing. The past decade of innovation has produced an ecosystem now booming with countless tools, yet aligning these tools together, and avoiding tool sprawl, is proving to have its own set of …
Google announced that it is rolling out new tools and protections to help users stay in control of their personal information, privacy, and online safety. The “Results about you” tool has been updated and enhanced, enabling users to better manage their personal contact information on Google Search. It alerts users when their contact information appears …
The developer security company Sonar has announced an update to its platform, which will make it even easier for developers to write what Sonar calls “Clean Code,” or code that is “easy to read, maintain, understand and change through structure and consistency yet remains robust and secure to withstand performance demands.” The company has added …
Synopsys is working to make it easier for security teams to align their strategy across different projects, teams, and application security testing (AST) tools. They have released the Synopsys Software Risk Manager, which brings together security testing engines with policy-driven test orchestration and vulnerability management. According to Synopsys, Software Risk Manager allows teams to centrally …
Palo Alto Networks unveiled its CI/CD Security module which aims to offer comprehensive software delivery pipeline security integrated into code-to-cloud capabilities within Prisma Cloud’s CNAPP platform. Prisma Cloud focuses on safeguarding the CI/CD environment and effectively shielding against potential open-source vulnerabilities using software composition analysis, according to the company in a blog post. “A major …
The Rust Foundation outlined many improvements to the security structure of the language and expressed its commitment to developing tools, features, and recommendations based on security research in its Security Initiative Report. The Rust advancements follow the White House’s National Cybersecurity Strategy Implementation Plan that signals a deep civic investment in more secure programming languages like …
RALEIGH, NC – July 26, 2023 – Allstacks, a leader in value stream intelligence, today announced that it has successfully renewed a Type 2 Service Organization Control (SOC 2) examination conducted by an independent auditor. The audit demonstrated that the Allstacks platform meets specific criteria for guarding the data security of its clients and their customers. SOC …
JFrog has announced the introduction of JFrog Curation, an automated DevSecOps solution designed to thoroughly inspect and block contaminated open-source or third-party software packages and their respective dependencies before they enter a company’s software development environment. JFrog Curation, which is integrated with JFrog Artifactory, uses binary metadata for the identification of high-risk packages with high-severity …
Google is always working to improve privacy and transparency in Google Play so that users can trust the place where they download all their Android apps. To that end, the company has just announced a number of updates, such as expanded developer verification requirements and new policies for developers wishing to offer blockchain-based …