Topic: security

Despite advancements in authentication technology, MFA adoption lags

In today’s digital age, ensuring secure authentication at your organization is more crucial than ever. With the increasing prevalence of cyber attacks, data breaches, and identity theft, it is imperative for businesses to implement robust security measures to protect their sensitive information and assets.  Passwords are still the leading cause of security breaches, and we’ll … continue reading

SD Times Open Source Project of the Week: Tython

Tython is an open-source Security as Code framework and SDK that is geared towards building security design patterns as-code. It takes an architectural approach to cloud security, supports the user’s choice of programming language, and removes vendor lock-in. With Tython, customers can design reusable security reference architectures as-code with pre-built blueprints so that they don’t … continue reading

Amazon CodeWhisperer brings AI-assisted development to AWS

The newly launched CodeWhisperer is a tool that uses AI-generated suggestions to help developers maintain their focus and stay productive by allowing them to write code quickly and securely without disrupting their workflow by leaving their IDE to look up information. The tool is especially useful for creating code for routine and time-consuming tasks, and … continue reading

Melissa advises extending adverse media screening to improve customer due diligence

Melissa, a provider of data quality, identity verification, and address management solutions, recently advised expanding negative news screening operations, also known as adverse media screening (AMS), to businesses and individuals being onboarded to financial organizations. The company stated that AMS has become increasingly important in customer due diligence operations, where organizations are required to perform … continue reading

Android updates data deletion policy to provide more transparency to users

Google announced a new data deletion policy to provide users with more transparency and authority when it comes to managing their in-app data. Developers will soon be required to include an option in their apps for users to initiate the process of deleting their account and associated data both within the app and online on … continue reading

How developers can confidently secure applications

Cybersecurity costs companies billions of dollars a year, with that cost expected to be in trillions by 2025, according to some cybersecurity research firms. Consider the Marriott hotels’ leak of 500 million customer records, for which Marriott took a $126 million charge, and Equifax, an American credit reporting agency, which spent 1.4 billion dollars on cleanup … continue reading

Most severe supply chain attacks occur due to third-party dependencies

Software supply chain attacks occur primarily because most software development involves using third-party dependencies.  The most severe attacks occur on a “Zero Day,” which refers to vulnerabilities that have been discovered without any available patch or fix, according to William Manning, solution architect at DevOps platform provider JFrog, in an ITOps Times Live! on-demand webinar … continue reading

Polaris Software Integrity Platform brings increased speed to security

Built on the same analysis engines as Synopsys’ Coverity and Black Duck products, Polaris fAST Static and fAST SCA services are application security testing (AST) tools integrated and delivered through the most recent version of the Polaris Software Integrity Platform. Polaris was designed to keep up with the increasing velocity of development and shortening of … continue reading

SD Times Open-Source Project of the Week: OSC&R Software Supply Chain Attack Matrix

OSC&R (Open Software Supply Chain Attack Reference) is an open source framework used for understanding and evaluating existing threats to the security of the entire software supply chain. OSC&R was created to establish a standard language and structure for comprehending and evaluating the tactics, techniques, and procedures (TTPs) utilized by attackers to breach the security of software … continue reading

Vulnerability discovered in Spring that enables DoS attacks

An Expression Denial of Service (DoS) vulnerability was found by Code Intelligence in the Spring Framework, a popular Java application development framework.  “As part of our efforts to improve the security of open-source software, we continuously test open-source projects with our JVM fuzzing engine Jazzer in Google’s OSS-Fuzz. One of our tests yielded a Denial … continue reading

Code in the fast lane: Why secure developers can ship at warp speed

Skills verification has been a facet of our lives for most of the modern era, granting us validity and opening doors that wouldn’t otherwise be available. Driving, for example, is an important rite of passage for most, and we’re expected to pass a set of standardized assessments to confirm that we can be trusted with … continue reading

JFrog announced new capabilities to improve security of software releases

JFrog announced the beta of the Artifactory release lifecycle management platform to standardize and track development processes with greater accountability and security.  “Organizations of all sizes are challenged to keep software up-to-date and secure while operating at the speed of business, particularly when development teams are globally distributed, which can result in a lack of … continue reading
