Palo Alto Networks this week extended its efforts to secure application environments by agreeing to acquire Cider Security, a provider of a platform for securing continuous integration/continuous delivery (CI/CD) platforms, for approximately $195 million in cash. The acquisition of Cider Security, scheduled to close this quarter, will extend the reach of the company’s Prisma Cloud […]
Critical Vulnerability Discovered in Open Source Backstage Platform
Oxeye today disclosed that it has discovered a critical vulnerability in the open source Backstage software used to build developer portals. Backstage was originally created by Spotify. A 1.5.1 update to the Backstage platform remediated a sandbox escape vulnerability that can occur via a third-party Scaffolder plug-in that could be used to conduct unauthenticated remote […]
Codenotary Automates SBOM Creation
Codenotary today launched a tool that enables an application to automatically generate a software bill of materials (SBOM) by adding a single line to its source code. Codenotary CEO Moshe Bar said TrueSBOM makes it possible to self-report the components used to construct applications to any organization that uses them for the first time. In […]
Aqua Security Claims Compliance With Biden’s Executive Order
Aqua Security this week claimed it is the first software supply chain security platform provider to meet the attestation requirements as defined by an executive order issued to federal agencies last year by the Biden administration. A supplementary memo issued by the Biden administration required federal agencies to collect compliance attestation letters for all software […]
Rust Momentum Intensifies | Elon Says No WFH
In this week’s The Long View: People won’t shut up about Rustlang, and Musk mandates Twitter teams return to the office.
2023 Application Security Budgets on the Rise
A survey of 500 DevSecOps professionals in the U.S. found nearly three-quarters (73%) of organizations plan to increase investment in application security in 2023. The survey, conducted by Wakefield Research on behalf of Invicti, a provider of dynamic application security testing (DAST) tools, also found 97% of DevSecOps teams said they ignored a real vulnerability […]
Update to Open Source ZAP Tool Improves DAST Performance
An update to the OWASP Zed Attack Proxy (ZAP) open source dynamic application security testing (DAST) tool made available today improves performance by employing a multi-threaded passive scanner engine. Version 2.12.0 of ZAP also adds support for HTTP/2 and should make it simpler to update the vulnerability scanning tool by making the spider that discovers […]
PlanSecOps: Incorporating Security Strategies in Design
Organizations that don’t adapt and change aren’t likely to survive. The same can be said about DevSecOps, a discipline created to ensure security is baked into the software development process, not an add-on after the code is approved. And as much as DevSecOps has changed the software development world for the better, it is time […]
Sigstore Code Signing Service Becomes Generally Available
A free digital signing service for software created by the Sigstore open source community has become generally available this week via the cloud. Announced at the SigstoreCon event that occurred during the KubeCon + CloudNativeCon North America conference, the cloud service makes it possible for developers to both cryptographically sign artifacts and verify that the […]
SaaS Data Backup and the API Bottleneck
The need to protect SaaS data has never been greater. A recent global survey from Odaseva found that 51% of ransomware attacks are targeting SaaS data, and they are more likely to succeed (52%) than were attacks on cloud, endpoint and on-premises data. But there are plenty of reasons beyond the threat of ransomware to […]