-
By John K. Waters
White House publishes guidelines requiring government agencies to obtain formal assurances from third-party software providers that they are following secure software development practices.
-
By John K. Waters
The Spring Security team plans to release Spring Authorization Server, it long-awaited in November of this year.
-
By Mark J. Balbes, Ph.D.
Our Agile Architect wants to talk about lessons learned from his experiences with test automation. As usual, he does it in his own unique way.
-
By John K. Waters
App security tools provider Contrast Security adds software composition analysis capabilities to its free in CodeSec "developer-first" scanner.
-
By John K. Waters
Application security testing company Checkmarx and cybersecurity workflow and productivity startup Seemplicity today announced a new partnership aimed at simplifying the "find-to-fix" lifecycle and accelerating the time to remediation of vulnerabilities found throughout the software development lifecycle .
-
By John K. Waters
Veeam Software kicks off its annual user conference with a product roadmap that showcases features planned for the release of Veeam Backup & Replication v12, as well as key solution innovations for cloud-native solutions, SaaS offerings, and some deeper integrations of Kasten by Veeam K10 for Kubernetes.
-
By John K. Waters
The OpenSSF announced 19 new members, including Citi, Huawei, Spotify, Alibaba, and JFrog, who added their names to a roster that already includes Google, Microsoft, AWS, Meta, and Cisco.
-
By John K. Waters
Cybersecurity solutions provider Contrast Security unveils four new GitHub Actions aimed at making the process of automating security testing within native pipelines more accessible to developers.
-
By John K. Waters
The Application Security Division of NTT Ltd. releases a solution designed to make it possible for developers to conduct dynamic application security testing (DAST) at each phase of the software development cycle.
-
The U.S. Federal Trade Commission intends to use its "full legal authority to pursue companies that fail to take reasonable steps to protect consumer data from exposure as a result of the Log4j vulnerability," the commission warned.
-
By John K. Waters,
Kurt Mackie
A critical-remote code execution vulnerability in the widely used Log4j open-source Java logging library, "has given cybercriminals the perfect attack campaign on a silver platter."
-
By John K. Waters
Synopsys, a provider of electronic design automation (EDA), semiconductor IP, and application security testing tools and services, acquires app vulnerability management company Code Dx.
-
By John K. Waters
Cybersecurity pros have a new online resource, the RSAC Marketplace, which its creators describe as "the equivalent of a year-round RSA expo."
-
By John K. Waters
Sonatype expands the latest version of its Nexus platform to offer "full-spectrum control of the cloud-native software development lifecycle."
-
By John K. Waters
GrammaTech today announced a technology partnership with GitLab to integrate the GrammaTech CodeSonar Static Application Security Testing solution with GitLab's Ultimate DevSecOps platform.
-
By John K. Waters
Application Security Testing solutions provider Veracode today announced the launch of a two-week collegiate competition designed to challenge student teams in the U.S. and the U.K. to test their secure coding skills.
-
By John K. Waters
Software security solutions provider Checkmarx today launched a new open-source static analysis tool designed to allow developers to write more secure infrastructure-as-code.
-
Java apps earn higher security vulnerability score than .NET apps, a Contrast Lab report finds.
-
By John K. Waters
A new report from Application Security Testing (AST) solutions provider Veracode shows that software developers working in the retail and hospitality sector are fixing flaws in their companies' software at a faster rate than five other sectors--despite having to work with applications that tend to be older and larger than other sectors.
-
By John K. Waters
Red Hat announced that it is acquiring Kubernetes-native security provider StackRox sometime in the first quarter of 2021. It's first acquisition by Red Hat since it was acquired by IBM.
-
By John K. Waters
BMC unveils new capabilities and enhancements for its Automated Mainframe Intelligence (AMI) and Compuware portfolios to protect mainframe customers' uptime and availability, defend the mainframe against cybersecurity threats, and advance enterprise DevOps.
-
By John K. Waters
Ivanti enhances the capabilities of its flagship Enterprise Service Management (ESM) portfolio with greater automation capabilities between service management and SecOps.
-
By John K. Waters
Cloud security provider Accurics announced that it is extending support in its Terrascan open-source tool for detecting compliance and security violations across Infrastructure as Code to two Cloud Native Computing Foundation projects: Helm and Kustomize.
-
Version 1.0 of the new debugger for Python in Visual Studio Code (VS Code), called Debugpy, shows up in the latest update of the popular Python tooling for the open source, cross-platform code editor.
-
By John K. Waters
A new report from Veracode analyzes 130,000 applications, and finds that it takes about six months for teams to close half the security flaws they find.