The White House has released a new plan for ensuring security in digital ecosystems. It hopes to “reimagine cyberspace as a tool to achieve our goals in a way that reflects our values: economic security and prosperity; respect for human rights and fundamental freedoms; trust in our democracy and democratic institutions; and an equitable and … continue reading
Puppet Enterprise 2023.0 is the latest release following 2021.7 that includes NIST compliance, the ability to authenticate users in multiple Lightweight Directory Access Protocol (LDAP) domains, adds a streamlined user interface, and more. With NIST compliance, Puppet Enterprise 2023.0 reduces compliance risk and the risk of sensitive information being accessed. Users can customize the timeout … continue reading
SonarSource’s release of SonarQube 9.9 Long-Term Support (LTS) aims to help organizations clean their code quickly with accelerated pull request analysis, support for building and deploying secure cloud-native applications, and more. “Our mission is to equip organizations with the solution and methodology to achieve a state of Clean Code, making all code fit for development … continue reading
The need for robust API security is growing rapidly in response to the increasing dependence of organizations on APIs for their digital operations. With 70% of respondents to a report expecting to use more APIs in 2023 than last year, this presents a heightened challenge for API security, which only comprises about 4% of the … continue reading
As the number of zero-day vulnerabilities continues to climb, enterprises are struggling to keep up with the long-term exposure to these security flaws. Recently, Rob Silvers, undersecretary for policy at the U.S. Department of Homeland Security and chair of its Cyber Safety Review Board, proclaimed that Log4j “is not over.” He noted that enterprises are … continue reading
March 13, 2020. Friday the 13th. That’s when a large number of companies shut their offices to prevent the spread of a deadly virus – COVID-19. Many thought this would be a short, temporary thing. They were wrong. The remainder of 2020 and 2021 were spent trying to figure out how to get an entire … continue reading
Veracode, provider of modern application security testing solutions, today released the results of the Veracode State of Software Security 2023 report, revealing that flaw build up overtime poses a real issue for many businesses. According to the report, nearly 32% of applications are found to have flaws at the first scan, jumping to almost 70% … continue reading
Security will continue to cause headaches in 2023. Not only will companies have to continue dealing with the normal issues like supply chain security and preventing ransomware, which they’ll continue to deal with, but a number of companies see other issues on the horizon for 2023. Supply chain attacks are ones in which the attackers … continue reading
Microsoft announced that Spring Cloud Azure version 4.5.0 has been released and is available from Maven Central. This is the first stable version to support passwordless connections to Azure Database for MySQL and Azure Database for PostgreSQL. Spring Cloud Azure is a framework that provides a way to build cloud-native applications using Azure services. It … continue reading
Developer security company Snyk today announced a $196.5 million Series G investment. The round was led by Qatar Investment Authority with participation from new investors Evolution Equity Partners, G Squared, and Irving Investors as well as existing investors boldstart ventures, Sands Capital, and Tiger Global. According to the company, this comes after a year of … continue reading
Contrast Security launched its developer-focused education program Contrast Security Learning Hub and the Contrast Community forum to broaden access to secure coding practices. The learning hub is a free program that provides interactive lessons on vulnerabilities across different languages and ecosystems. The program covers existing OWASP topics and JavaScript, Java, .NET, and Node.js programming languages. … continue reading
How developer-friendly is your organization’s security program? The answer is as important as ever in today’s digital economy. High-performing organizations empower developers with tools, training and resources to do high-quality work, with security top of mind. This results in the ability to build secure applications quickly that consistently meet expectations and mitigate risk. As we … continue reading
