Mobb added the ability to surface patches for vulnerabilities at the moment code is committed in a DevSecOps workflow.
The Cyber Resilience Act Threatens the Future of Open Source
The EU is set to vote on the CRA July 19, 2023. Sonatype’s Brian Fox believes it’s a threat to the future of open source development.
I Guess This is Growing Up: Devs and CISA’s Secure-by-Design Guidelines
With the downward pressure of a global recession, inflation and general post-pandemic turbulence underpinning disruption to multiple facets of life, it seems only fair that we in the IT, software and security industry would eventually feel the winds of change, too. We have rolled with the punches of escalating cybercrime and data breaches; the collective, […]
ReversingLabs Adds Ability to Detect Secrets in Application Binaries
ReversingLabs today announced it added an ability to detect secrets exposed in application binaries to its Software Supply Chain Security (SSCS) platform. Tomislav Peričin, chief software architect for ReversingLabs, said this addition will make it easier for DevSecOps teams to identify secrets that are inadvertently left in applications as plain text or that can be […]
GitGuardian: 10M Exposed Secrets on GitHub
GitGuardian published an analysis of more than one billion commits to GitHub repositories that found 10 million occurrences of secrets, with one out of 10 developers exposing a secret. Mackenzie Jackson, a developer advocate for GitGuardian, said more than 80% of all the secrets caught by live monitoring GitHub were exposed through personal repositories, with […]
Report Identifies Top 10 Open Source Software Risks
Endor Labs, a provider of a platform for managing open source software, published a report that classifies the top 10 open source software risks of 2023. The company published the list as part of an effort to better educate application development teams about issues that can lead to software supply chain compromises. That list includes: […]
Benefits and Challenges of DevSecOps for Business
Almost every day, there is a new tactic or technique discovered that hackers can use to disrupt a company’s systems, obtain critical data and information or steal money. Often attackers look to exploit vulnerabilities in code to carry out their attacks. Ironically, it’s usually a small piece of code that helps a business perform very […]
Rezilion Updates Open Source MI-X Tool to Better Secure App Development
Rezilion has updated its open source MI-X vulnerability discovery tool to include mitigation and remediation recommendations. In addition, the tool can now produce machine-readable output in either JSON or CSV format. Finally, the company added Windows support for detecting the Heartbleed and SpookySSL vulnerabilities. MI-X makes it possible to use a command line […]
How SASE Can Ease DevSecOps Adoption
DevSecOps is a software development methodology that merges development (Dev), security (Sec) and operations (Ops) into one team that integrates security throughout the entire software development life cycle (SDLC). The goal is to deliver high-quality applications quickly and securely. The traditional software development life cycle introduces security in the late phases of the SDLC. However, […]
Shift Left Testing in Microservices Environments
By now, it’s common knowledge that the later a bug is detected in the software development life cycle (SDLC), the longer it takes and the more expensive it is to fix that bug. In 2017, the Ponemon Institute found that it cost around $80 on average to fix a defect detected early in the SDLC […]