Melissa, a provider of data quality, identity verification, and address management solutions, recently advised expanding negative news screening operations, also known as adverse media screening (AMS), to businesses and individuals being onboarded to financial organizations. The company stated that AMS has become increasingly important in customer due diligence operations, where organizations are required to perform …
Google announced a new data deletion policy to provide users with more transparency and authority when it comes to managing their in-app data. Developers will soon be required to include an option in their apps for users to initiate the process of deleting their account and associated data both within the app and online on …
Cybersecurity costs companies billions of dollars a year, with that cost expected to be in trillions by 2025, according to some cybersecurity research firms. Consider the Marriott hotels’ leak of 500 million customer records for which Marriott took a $126 million charge; and Equifax, an American credit reporting agency, spent 1.4 billion dollars on cleanup …
Software supply chain attacks occur primarily because most software development involves using third-party dependencies. The most severe attacks occur on a “Zero Day,” which refers to vulnerabilities that have been discovered without any available patch or fix, according to William Manning, solution architect at DevOps platform provider JFrog, in an ITOps Times Live! on-demand webinar …
Built on the same analysis engines as Synopsys’ Coverity and Black Duck products, Polaris fAST Static and fAST SCA services are application security testing tools (AST) integrated and delivered through the most recent version of the Polaris Software Integrity Platform. Polaris was designed to keep up with the increasing velocity of development and shortening of …
The OSC&R (Open Software Supply Chain Attack Reference) is an open source framework used for understanding and evaluating existing threats to the security of the entire software supply chain. OSC&R was created to establish a standard language and structure for comprehending and evaluating the tactics, techniques, and procedures (TTPs) utilized by attackers to breach the security of software …
An Expression Denial of Service (DoS) vulnerability was found by Code Intelligence in the Spring Framework, a popular Java application development framework. “As part of our efforts to improve the security of open-source software, we continuously test open-source projects with our JVM fuzzing engine Jazzer in Google’s OSS-Fuzz. One of our tests yielded a Denial …
Skills verification has been a facet of our lives for most of the modern era, granting us validity and opening doors that wouldn’t otherwise be available. Driving, for example, is an important rite of passage for most, and we’re expected to pass a set of standardized assessments to confirm that we can be trusted with …
JFrog announced the beta of the Artifactory release lifecycle management platform to standardize and track development processes with greater accountability and security. “Organizations of all sizes are challenged to keep software up-to-date and secure while operating at the speed of business, particularly when development teams are globally distributed, which can result in a lack of …
Google prides itself on its initiatives regarding security in the Android ecosystem. Over the past year it has made a lot of strides, and now the company is detailing its plans for the upcoming year. One of the areas for improvement is opening up spaces for developers to support each other. It has opened up …
The National Cybersecurity Strategy released by the Biden Administration this week includes key recommendations that significantly mitigate software supply chain risks. Specifically, the White House recommends making software providers liable for insecure software. Until now, the U.S. government has never taken such a bold stance on liability for software products at this level. The strategy …
The White House has released a new plan for ensuring security in digital ecosystems. It hopes to “reimagine cyberspace as a tool to achieve our goals in a way that reflects our values: economic security and prosperity; respect for human rights and fundamental freedoms; trust in our democracy and democratic institutions; and an equitable and …