In a recent survey conducted by Gartner, the organization found that the highest-ranked strategy for a successful DevOps approach was collaboration with information security. “In the past 12 months at Gartner, how to securely integrate security into DevOps — delivering DevSecOps — has been one of the fastest-growing areas of interest of clients, with more … continue reading
Software is the lifeblood of most businesses today. So, what happens if that software is unreliable or insecure? It seems like a no-brainer that the software being pushed out should be protected. But, as software is being developed and deployed at a rapid pace, an important aspect of the life cycle gets lost in the … continue reading
The idea that developers don’t care about application security is a myth. A recently released report found that not only do developers take application security seriously, they take the time to find and fix vulnerabilities in their applications. “Developers want to create great code, and to them that also means code that won’t get their … continue reading
The Open Web Application Security Project (OWASP) officially released its Top 10 most critical web application security risks. This is the first time the organization has updated the Top 10 since 2013. “Change has accelerated over the last four years, and the OWASP Top 10 needed to change. We’ve completely refactored the OWASP Top 10, … continue reading
GitHub has announced security alerts for developers are now available. The company first announced security alerts at the GitHub Universe conference last month. The new solution is designed to detect vulnerable dependencies, alert affected repositories, and suggest known fixes. The security alerts are a part of the company’s recently announced dependency graph, which enables developers … continue reading
Microsoft is applying machine learning and deep neural networks to its software security approach. The company announced a new research project, neural fuzzing, designed to augment traditional fuzzing techniques, discover vulnerabilities, and learn from past software experiences. The research is based on Microsoft’s Security Risk Detection tool that incorporates artificial intelligence to find and detect … continue reading
A survey released today by NodeSource, developers of Node.js, and Sqreen, a SaaS security solution, found that while developers are fully aware of security risks associated with operating in the open Internet, they’re lax in implementing tools for threat detection and mitigation. The survey, which looked at responses from nearly 300 Node.js users — CTOs, … continue reading
Synopsys and Black Duck Software have signed an agreement that will allow Synopsys to acquire Black Duck for approximately $565 million. Black Duck is known for its open source security and license management solutions. The acquisition is expected to close in December of this year. The transaction will be subject to Hart Scott Rodino regulatory … continue reading
As passwords continue to be a problem in today’s modern world, one group of computer researchers is taking a new approach to protecting the web. Researchers from Florida International University and Bloomberg have developed a two-factor authentication solution that depends on physical objects rather than code. We use passwords to unlock sensitive information such as … continue reading
When a single breach can cause untold damage to your business, from millions in losses to reputational damage, operational disruption, and lost trust, you want to align your security budget with the actual threats you face. So why does the typical company allocate less than 3% of its security budget to application security—when a full 30% of successful breaches … continue reading
It has been over a year since Google announced its commitment to provide a more secure web with HTTPS, and today the company is announcing it is making great strides. Google is releasing its public Transparency Report to detail the progress it’s made with HTTPS usage. According to the report, 64% of Chrome traffic on … continue reading
Java developers should be more aware of the open source software components they put in their applications if they want to avoid a security breach. A new report release by Veracode, a CA Technologies company, revealed 88% of Java apps include at least one vulnerable component, and about 53.3% of Java apps rely on a … continue reading
