The development team behind the OpenSSL open-source encryption toolkit has released its first official security policy, laying out its internal security protocols and plans to pre-notify organizations implementing OpenSSL about impending updates and security fixes. The OpenSSL pre-notification policy will allow notices to be sent out over the OpenSSL mailing list and on the homepage … continue reading
As Docker has exploded in popularity, so too has the open-source community around it. Now, as more and more large enterprise software companies jump on the Docker bandwagon, the community is tackling some of the larger issues behind the emerging technology, namely container security. One of the big names driving security improvements in Docker container … continue reading
Tuesday’s voicemail from my bank was short and simple: “My name is Patricia from the Bank of America fraud prevention department. This important message is for Mr. Alan Zeichick. We are calling to verify some potentially suspicious activity on your account. It is very important that we speak with you.” Nobody had pilfered a credit-card … continue reading
The IEEE Center for Secure Design has published a report on the Top 10 software security design flaws (and how to avoid them). When it comes to making sure software is secure, too much of the attention is focused on bugs, and not enough of the conversation is about design flaws, according to Gary McGraw, … continue reading
RethinkDB 1.14 released Version 1.14 of the RethinkDB open-source distributed JSON database has been released with more than 50 new enhancements. RethinkDB ecosystem engineer Josh Kuhn announced the release in a blog post, explaining that 1.14 is the first RethinkDB release that doesn’t require data migration. Some of the main upgrades and new features include: … continue reading
Microsoft announces DocumentDB and Azure Search-as-a-Service Microsoft has announced several services for its Azure cloud platform, including DocumentDB, a fully managed NoSQL document database service. Blog posts from Microsoft Azure product marketing director Vibhor Kapoor and Azure senior program manager Ryan CrawCour detail the new services, which in addition to the NoSQL service feature Azure … continue reading
The popular OpenSSL encryption scheme underlying much of the Web’s security protocols is finally turning a corner. With Heartbleed now well behind it, the open-source SSL/TLS security protocol released a project road map laying out its short- and long-term goals, and it has issued nine security fixes to the encryption scheme. In a Security Advisory, … continue reading
It’s a mess out there. OpenSSL was compromised. The U.S. government is in your database. Cats and dogs living together; mass hysteria! But there is a solution. You, as a software development manager, hold the keys to making sure your software is secure. You hold the keys to making sure your infrastructure is secure. You … continue reading
Even with all we know about cross-site scripting and SQL injections, these attacks on servers remain pervasive. Part of that is due to the fact that security technology (firewalls, signatures, past definitions) was not focused on these types of attacks. Another part is that developers have not embraced security as something that is their concern. … continue reading
When it was announced on June 8 that OpenSSL was vulnerable to a dangerous new attack that could reveal security certificates to an attacker, the Internet spent a few days in panic mode. Thousands, if not millions, of sites used (and still use) OpenSSL, and the fix for the problem took a few days to … continue reading
Samsung indefinitely postpones launch of Tizen-powered Samsung Z It’ll be a bit longer before we see a Samsung phone running Tizen OS. Samsung announced it is delaying sales of the Samsung Z smartphone, the company’s first device running Tizen, the rival mobile platform to Android and iOS. Samsung canceled a developer conference in Russia where … continue reading
Logs were previously the last-resort debugging tool that a developer or Ops pro turned to when a serious issue arose. They were seen as complex data streams that only the most sophisticated and knowledgeable of engineers could understand. However, today, thanks to log-management innovations like real-time analysis, parsing and event visualizations, logs are now used … continue reading
