Topic: vulnerability

Google launches new knowledge base for remediating vulnerabilities in Android apps

In an effort to reduce the number of vulnerabilities in Android apps, Google is introducing the Android Application Security Knowledge Base (AAKB).  The AAKB includes a database of common code issues, complete with examples on how to remediate them and explanations on how to implement specific code patterns.  Google already does scan Android apps for … continue reading

Broken Access Control is now the highest vulnerability in OWASP Top 10 2021

The latest edition of the OWASP Top 10 showed that all of the highest-priority vulnerabilities since 2017 have shifted and new ones have been introduced.  Broken Access Control has dethroned Injection as the top vulnerability, whereas it previously held fifth place. The 34 Common Weakness Enumerations (CWEs) mapped to Broken Access Control had more occurrences … continue reading

Report: Remote work created vulnerabilities in systems designed for in-office workforce

As employees transitioned to working from home, this created new vulnerabilities in systems designed for a centralized, in-office workforce and also resulted in a spike in cybercriminal activity. This is according to the new 2021 Network Security Report conducted by the cybersecurity and managed security services provider Trustwave which is based on scans of millions … continue reading

Google announces OSV for triaging open-source vulnerabilities

Google launched Open Source Vulnerabilities (OSV) this week to provide users with precise data on where a vulnerability was introduced, where it got fixed, and to help users know if they’ve been impacted.  According to Google, OSV solves issues surrounding open-source security using automation in two key ways: improving the accuracy of vulnerability queries and … continue reading

SD Times news digest: WhiteSource launches new vulnerability-based alerts, Rocket Software’s free UniObjects for Python, and Let’s Encrypt warns about compatibility

WhiteSource announced new vulnerability-based alerts designed to speed up and simplify the vulnerability management process. It will provide developers with flexibility when managing alerts as well as providing a more granular view of the issues, according to the company. “The number of known security vulnerabilities has been rising exponentially over the past few years, and … continue reading

DeepCode reveals the top security issues plaguing software developers

DeepCode has revealed the most important bugs as well as the top security vulnerabilities. The analysis comes from the company’s AI-powered code review tool, which analyzed hundreds of thousands of open-source projects to narrow down the vulnerabilities that happen with the most frequency.  According to the analysis, file I/O corruptions are the biggest general issue … continue reading

SD Times news digest: VMware’s acquisition of Pivotal, GitHub Enterprise on AWS Marketplace, and security patches for Git vulnerabilities

VMware announced that it completed the acquisition of Pivotal Software, a cloud-native platform provider. “We believe that modern application development solutions and practices need to be easily accessible to everyday enterprises across the globe. With Pivotal’s developer capabilities as the foundation, we’ll focus on delivering consumable, enterprise-ready cloud native offerings to customers to help them … continue reading

Npm finds binary planting bug and urges users to update

The JavaScript package manage provider npm has found a security vulnerability that can open access to arbitrary files on a user’s system. According to the company, npm versions prior to 6.13.4 made it possible for a globally-installed package to overwrite an existing binary in the target location. Npm is recommending an to update to npm … continue reading

Google introduces invisible reCAPTCHA, beta launch of Cloud Functions for Firebase, and Kaggle joins Google Cloud—SD Times news digest: March 10, 2017

Google is taking reCAPTCHA one step further by making it invisible. Now, human users will be let through without seeing the “I’m not a robot” checkbox, and bot and suspicious users will have to solve challenges that use Google’s risk analysis algorithms. The advantage of reCAPTCHA is its enhanced security, according to Google. It’s a … continue reading

SecurityScorecard: Device owner awareness can improve operating system security

There is an ongoing debate as to which popular operating system is more secure. Despite recent claims that Android is more secure than iPhone, any computing device is only as secure as the information security practices maintained by the device owner, according to an expert from SecurityScorecard. While it is true that Android’s “open-source” operating … continue reading

HPE Security Fortify report finds application security is lacking in DevOps processes

The adoption of DevOps is transforming how companies deliver software, but this shift toward agility and Continuous Delivery is exposing some gaps that persist in application security. A majority of security teams and developers agree that adopting DevOps into their culture can improve application security, but only a small portion of them actually do application … continue reading

Veracode’s State of Software Security Report, Symphony Software Foundation’s Open Developer Platform, and DevExpress open-sources TestCafe—SD Times news digest: Oct. 18, 2016

Veracode today released its findings from its annual State of Software Security Report, which revealed that the persistent use of components in software development is creating unmanaged risk. The report also found that companies can benefit if they accelerate their application security programs. Veracode found that a single popular component with a critical vulnerability spread … continue reading

DMCA.com Protection Status