Today, Snyk made available an edition of its application security posture management (ASPM) tool for assessing application risks that provides more context into how code has been written and its role within the application environment. Manoj Nair, chief product officer for Snyk, said Snyk AppRisk Pro leverages artificial intelligence (AI) and machine learning to provide […]
OpenSSL Fiasco: What can DevOps Learn? | Elon Fires ‘50%’ of Twitter
In this week’s The Long View: The OpenSSL project has egg on its face, and half of Twitter’s staff are for the chop tomorrow.
A Security Vulnerability Management Guide
Living in a container-native world is not easy. Containers have a reputation for being a point of entry for security vulnerabilities for many organizations. In 2015, according to a research paper, over 40% of Docker images distributed through Docker Hub had high-risk vulnerabilities; at that time there were more than 95,000 container images hosted on […]
Top 10 Embedded Security Vulnerabilities
Nearly all detected security vulnerabilities can be attributed to just 10 types. Here, we discuss the most common cybersecurity vulnerabilities and offer guidance on how to mitigate their risk. Vulnerability 10: Numeric Errors. Numeric errors can refer to several different categories of problems, including wraparound errors, improper validation of array index, integer overflow, […]
Synopsys: IoT, ICS More Vulnerable to Security Exploits
A new report shows that internet of things (IoT) implementations and industrial control systems (ICS) are more vulnerable than most to potential zero-day exploits of the open-source protocols, common file formats and APIs they rely on. The report, prepared by vulnerability test firm Synopsys Inc., is based on 4.8 billion fuzz tests conducted on the […]
Sonatype Report Spotlights Software Supply Chain Issues
Most application developers today don’t write much raw code. Rather, applications developed today are created mostly by combining various modules and widgets to create a custom application. But currently there is little oversight being applied to the provenance of application components, especially when it comes to open-source software. The third annual State of the Software […]






