Topic: vulnerability

Report: Remote work created vulnerabilities in systems designed for in-office workforce

As employees transitioned to working from home, this created new vulnerabilities in systems designed for a centralized, in-office workforce and also resulted in a spike in cybercriminal activity. This is according to the new 2021 Network Security Report conducted by the cybersecurity and managed security services provider Trustwave which is based on scans of millions … continue reading

Google announces OSV for triaging open-source vulnerabilities

Google launched Open Source Vulnerabilities (OSV) this week to provide users with precise data on where a vulnerability was introduced, where it got fixed, and to help users know if they’ve been impacted.  According to Google, OSV solves issues surrounding open-source security using automation in two key ways: improving the accuracy of vulnerability queries and … continue reading

SD Times news digest: WhiteSource launches new vulnerability-based alerts, Rocket Software’s free UniObjects for Python, and Let’s Encrypt warns about compatibility

WhiteSource announced new vulnerability-based alerts designed to speed up and simplify the vulnerability management process. It will provide developers with flexibility when managing alerts as well as providing a more granular view of the issues, according to the company. “The number of known security vulnerabilities has been rising exponentially over the past few years, and … continue reading

DeepCode reveals the top security issues plaguing software developers

DeepCode has revealed the most important bugs as well as the top security vulnerabilities. The analysis comes from the company’s AI-powered code review tool, which analyzed hundreds of thousands of open-source projects to narrow down the vulnerabilities that happen with the most frequency.  According to the analysis, file I/O corruptions are the biggest general issue … continue reading

SD Times news digest: VMware’s acquisition of Pivotal, GitHub Enterprise on AWS Marketplace, and security patches for Git vulnerabilities

VMware announced that it completed the acquisition of Pivotal Software, a cloud-native platform provider. “We believe that modern application development solutions and practices need to be easily accessible to everyday enterprises across the globe. With Pivotal’s developer capabilities as the foundation, we’ll focus on delivering consumable, enterprise-ready cloud native offerings to customers to help them … continue reading

Npm finds binary planting bug and urges users to update

The JavaScript package manage provider npm has found a security vulnerability that can open access to arbitrary files on a user’s system. According to the company, npm versions prior to 6.13.4 made it possible for a globally-installed package to overwrite an existing binary in the target location. Npm is recommending an to update to npm … continue reading

Google introduces invisible reCAPTCHA, beta launch of Cloud Functions for Firebase, and Kaggle joins Google Cloud—SD Times news digest: March 10, 2017

Google is taking reCAPTCHA one step further by making it invisible. Now, human users will be let through without seeing the “I’m not a robot” checkbox, and bot and suspicious users will have to solve challenges that use Google’s risk analysis algorithms. The advantage of reCAPTCHA is its enhanced security, according to Google. It’s a … continue reading

SecurityScorecard: Device owner awareness can improve operating system security

There is an ongoing debate as to which popular operating system is more secure. Despite recent claims that Android is more secure than iPhone, any computing device is only as secure as the information security practices maintained by the device owner, according to an expert from SecurityScorecard. While it is true that Android’s “open-source” operating … continue reading

HPE Security Fortify report finds application security is lacking in DevOps processes

The adoption of DevOps is transforming how companies deliver software, but this shift toward agility and Continuous Delivery is exposing some gaps that persist in application security. A majority of security teams and developers agree that adopting DevOps into their culture can improve application security, but only a small portion of them actually do application … continue reading

Veracode’s State of Software Security Report, Symphony Software Foundation’s Open Developer Platform, and DevExpress open-sources TestCafe—SD Times news digest: Oct. 18, 2016

Veracode today released its findings from its annual State of Software Security Report, which revealed that the persistent use of components in software development is creating unmanaged risk. The report also found that companies can benefit if they accelerate their application security programs. Veracode found that a single popular component with a critical vulnerability spread … continue reading

New Google Play developer features, Toyota Research invests in AI, FreeBSD vulnerabilities, and Swordphish’s public beta—SD Times news digest: August 11, 2016

Google is giving Android developers new ways to stay informed about their apps. The company is updating the Google Play Developer Console app with new features for reviews and experiments. “With over one million apps published through the Google Play Developer Console, we know how important it is to publish with confidence, acquire users, learn … continue reading

Dependency CI reviews potential vulnerabilities for open-source projects

The founder of an open-source library discovery service launched a new project today that can continuously test open-source dependencies for potential vulnerabilities and other issues. The project is Dependency CI, an open-source tool that integrates directly into a GitHub workflow just like other CI systems. It runs a set of configurable tests on any dependency … continue reading

Ad will close in seconds
Continue to site
HTML Snippets Powered By : XYZScripts.com

Get access to this and other exclusive articles for FREE!

There's no charge and it only takes a few seconds.

Sign up now!