-
By John K. Waters
Alcide has released a new command-line tool designed to allow developers, DevOps pros and Kubernetes app builders to scan their Kubernetes configuration and deployment files and deploy it into their continuous integration pipelines.
-
Sonatype this week announced the availability of an enhanced suite of JavaScript intelligence capabilities designed to provide developers with improved accuracy, increased policy control and faster remediation of open source vulnerabilities.
-
By John K. Waters
Google made a number of product announcements this week at the RSA Security Conference, including upgrades to the Chronicle security analytics platform and the general availability of its reCAPTCHA Enterprise and Web Risk API tools.
-
Microsoft this week announced the general availability (GA) of Azure Sphere, marking a new phase in its effort to create an overall trusted environment for deploying and using Internet of Things (IoT) devices.
-
This week the Eclipse Foundation entered into a partnership to support another foundation's open-source technology.
-
By John K. Waters
A startup focused on Kubernetes security has released an open source risk assessment tool for the popular container orchestration platform.
-
By John K. Waters
Oracle's first Critical Patch Update (CPU) of 2020, due this week, will include only 12 new security patches for Java Standard Edition (Java SE), just over half the patches published in October 2019.
-
By John K. Waters
Software testing tools maker Parasoft announced this week that the latest versions of its Jtest, dotTEST, and C/C++ solutions provide coverage of critical vulnerabilities laid out in the newly updated 2019 Common Weakness Enumeration (CWE) list.
-
By John K. Waters
Oracle’s latest quarterly Critical Patch Update (CPU) provides 219 new security patches across Oracle’s product line, including 20 new patches for Java SE. But none of the Java patches in this CPU earned a CVSS risk score of greater than 6.8 out of 10.0.
-
By Richard Seeley
A new security platform that "enables IoT devices to defend themselves against hackers without the need for human intervention" is being demonstrated by NXM Labs, Inc. this week at Arm TechCon 2019.
-
By Richard Seeley
"Broken object level authorization" is the number one API vulnerability that attackers can exploit to gain access to an organization's data, according to a report from the independent Open Web Application Security Project (OWASP).
-
As part of a data security initiative, Google has published guidance for developers to get their apps ready for OAuth verification by the company.
-
Enterprise mobility specialist Appdome is out with a new service that secures devices in bring-your-own-device (BYOD) shops without the need to install a management profile.
-
Much as low-code tooling has exploded among enterprises needing more apps amid a dearth of skilled professional developers, a new niche appears to be forming: automated cloud security services for iOS and Android projects.
-
New research indicates that even though mobile developers may follow security best practices in their projects, their apps may be contacting cloud-based backend platforms that can introduce vulnerabilities without their knowledge.
-
Major code vulnerabilities detected in the network stack of up to 200 million IoT devices could enable attackers to remotely execute code and take over or shut down devices in the field.
-
Secure-D has unveiled a free mobile malware center that lets developers and others see suspicious Android apps.
-
By John K. Waters
Oracle's summer Critical Patch Update is expected to contain 322 patches across the company's product line, including 10 security fixes for Java Standard Edition (Java SE).
-
Persistent mobile app development security issues -- in an age of unrelenting demand for more enterprise mobile apps -- can now be addressed with a cloud-based, upload-and-protect service.
-
New research from security vendor Positive Technologies examines vulnerabilities and threats in mobile applications, stating that the security level of iOS and Android apps is "roughly equivalent between the two platforms."
-
Research firm IDC has published a sponsored whitepaper examining the use of Android devices in the enterprise, where Google's flagship mobile OS fights security-related perceptions in its battle with Apple's iOS for business market share.
-
This week Shanghai, China-based VeChain announced ToolChain, a new blockchain-as-a-service (BaaS) offering for developers in a small- to medium-sized business environment.
-
By John K. Waters
All of the five Java SE vulnerabilities identified in the latest Critical Patch Update are remotely exploitable, and at least one is probably exploitable without the need for authentication.
-
By John K. Waters
The National Security Agency has open sourced its Ghidra software reverse engineering (SRE) framework.
-
According to a recent IoT security report from F-Secure, a lack of good password security (or no password at all) combined with unpatched vulnerabilities contribute to 87 percent of all IoT attacks.