Topic: software security

Guest View: The modern security hero is a developer

As software becomes more sophisticated, the need for a security culture in organizations becomes more urgent. However, organizations’ security teams rarely have the necessary resources and expertise to support developers. In fact, the BSIMM 2016 survey indicates that for every 245 software engineers, there is 1 security expert. Not only do organizations lack the resources … continue reading

Security continues to be a black cloud for businesses

The year would not be complete without a major security breach, and although there are a number to choose from throughout any given year, Marriott ended 2018 with a doozy. The company revealed at the end of November that there had been unauthorized access to its Starwood reservation database for more than four years. This … continue reading

SD Times news digest: Android Keystore, Flexera and MachineShop’s technology alliance, and Clarity

Google announced new security updates to its Android Pie Keystore. The Keystore provides cryptographic tools for securing user data. “Keystore moves the cryptographic primitives available in software libraries out of the Android OS and into secure hardware. Keys are protected and used only within the secure hardware to protect application secrets from various forms of … continue reading

SD Times news digest: Google’s security warning, Stack Decisions, and Git 2.20

Google is notifying developers about an ongoing investigation, and applications and SDKs that may be at risk for abuse. The company revealed last week two apps were removed from the Google Play Store because of evidence of attribution abuse. The company also found abuse in three ad network SDKs and have began contacting developers using … continue reading

SD Times news digest: Neo4j raises $80 million, Amazon Future Engineer and Google’s new security controls

Graph database solution provider Neo4j has closed an Series E round of funding at $80 million. This brings the company’s total growth funding to $160 million since 2007. The funding will be used to help the company power business applications with graph databases as well as increase the product to support popular use cases such … continue reading

Facebook’s SapFix uses AI to reduce the time spent debugging

Facebook is introducing a new AI hybrid tool aimed at finding and fixing bugs automatically. SapFix is designed to find bugs, generate fixes and propose action plans to engineers before rolling out into production. The company announced the tool at its annual @Scale conference in San Jose this week. According to the company, SapFix significantly … continue reading

Web application security: The piece you’re probably missing

While most organizations recognize the need to protect their web apps, their efforts tend to focus on the server side, leaving a critical attack vector exposed: the client side. The fact of the matter is the entire web application ecosystem must be protected, end to end, and that includes mobile, JavaScript, desktop, server and API. … continue reading

SD Times news digest: New two-factor authentication approach, The LF Deep Learning Foundation and Linux 4.19-rc1

Researchers from the University of Alabama at Birmingham have announced a new two-factor authentication method that uses wearables and speech signals. The method “Listening-Watch” uses wearable devices such as smartwatches, activity trackers, and browser-generated speech sounds to perform two-factor authentication. “Listening-Watch offers two key security features,” said Nitesh Saxena, professor in the UAB College of … continue reading

Sonatype introduces DepShield for identifying vulnerable open-source components in GitHub

Sonatype wants to make it easier for developers to have open-source governance with the release of Sonatype DepShield. The solution is a GitHub application that integrates directly within repositories, enabling developers to identify vulnerable open-source components. According to the company, DepShield constantly monitors projects and automatically creates issues when security vulnerabilities are detected. It offers … continue reading

SD Times news digest: WhiteSource’s free vulnerability checker, Julia 1.0, and the Blockchain Learning Center

WhiteSource is making its Vulnerability Checker available for free for developers to detect if their solutions contain any of the 50 most critical open-source bugs out there today. The checker will enable users to import and scan any library as well as check if their projects are susceptible to the most recent and common bugs. … continue reading

SD Times news digest: Android Pie SDK, Contrast Security’s free DevSecOps solution, and Status partners with Nim

Following this week’s announcement of Android 9 Pie, Google is releasing a new Android SDK that offers more Kotlin features. According to the company, Android developers often run into problems with the Java programming language when accessing a null reference. Kotlin addresses this problem by providing nullable and non-nullable types in the type system, the … continue reading

SD Times news digest: Yale looks at modern cybersecurity challenges, LG AI research lab and GitHub Desktop 1.3

Yale University is releasing a new report on the challenges and problem areas of cyber risk in today’s modern world. The report is based off of discussions from the second annual Yale Cyber Leadership Forum in April. The forum looked at the divide between the law, technology, and business communities as well as focused on … continue reading

1 2 3 15
HTML Snippets Powered By : XYZScripts.com

Get access to this and other exclusive articles for FREE!

There's no charge and it only takes a few seconds.

Sign up now!