Security News


Top Tech Firms Form Open Source Security Foundation

A group of leading tech industry heavy weights that includes Microsoft, IBM, and Google, announced the formation of a new software foundation to consolidates industry efforts to improve the security of open-source software.

Ivanti and Intel Partner on Device-as-a-Service Offering

Automated IT and security solutions provider Ivanti is partnering with Intel to provide Device-as-a-Service (DaaS) with Intel's Endpoint Management Assistant

New Open Source PASETO Library Offers JWT Alternative

New Java developer library streamlines use of Platform Agnostic Security Tokens (PASETOs) and provides an alternative to JSON Web Tokens (JWT) to authenticate end users.

Red Brick Graphic

Red Hat Enterprise Linux 8.3 Beta Released

Red Hat announces the beta availability of the latest minor release of the RHEL 8 platform.

Google Cloud's Confidential Computing Breakthrough Encrypts Data In-Use

Google Cloud's Confidential Virtual Machines enable users to encrypt their data for the first time in-use--in other words, while it's being processed, in-memory, not just when it's at rest in storage or in-transit.

New No-Cost Tool for Devs To Secure Kubernetes Deployments

DevSecOps solutions provider Alcide has released a beta version of a new solution designed to provide "end-to-end continuous security guardrails" for Kubernetes deployments.

Oracle's Latest Critical Patch Update Includes 15 Fixes for Java SE

The latest Critical Patch Update (CPU) from Oracle, published today, addresses 397 security vulnerabilities across the company's product suite, including 15 patches for Java SE.

New Tool for Kubernetes Shifts Security Left

Alcide has released a new command-line tool designed to allow developers, DevOps pros and Kubernetes app builders to scan their Kubernetes configuration and deployment files and deploy it into their continuous integration pipelines.

Sonatype Updates Lifecycle Tools with Intelligent JavaScript

Sonatype this week announced the availability of an enhanced suite of JavaScript intelligence capabilities designed to provide developers with improved accuracy, increased policy control and faster remediation of open source vulnerabilities.

Google Spotlights Cloud Security at RSA

Google made a number of product announcements this week at the RSA Security Conference, including upgrades to the Chronicle security analytics platform and the general availability of its reCAPTCHA Enterprise and Web Risk API tools.

Microsoft Goes Live with Azure Sphere, Its Linux-Powered IoT Security Platform

Microsoft this week announced the general availability (GA) of Azure Sphere, marking a new phase in its effort to create an overall trusted environment for deploying and using Internet of Things (IoT) devices.

Just Released: Kube-Scan Open Source Scanning Tool for Kubernetes

A startup focused on Kubernetes security has released an open source risk assessment tool for the popular container orchestration platform.

Oracle's CPU Includes Only 12 Security Patches for Java SE

Oracle's first Critical Patch Update (CPU) of 2020, due this week, will include only 12 new security patches for Java Standard Edition (Java SE), just over half the patches published in October 2019.

Parasoft Addresses CWE Software Weaknesses

Software testing tools maker Parasoft announced this week that the latest versions of its Jtest, dotTEST, and C/C++ solutions provide coverage of critical vulnerabilities laid out in the newly updated 2019 Common Weakness Enumeration (CWE) list.

Oracle's Latest CPU Includes 20 Security Patches for Java SE

Oracle’s latest quarterly <a href="https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" target="_blank">Critical Patch Update</a> (CPU) provides 219 new security patches across Oracle’s product line, including 20 new patches for Java SE. But none of the Java patches in this CPU earned a CVSS risk score of greater than 6.8 out of 10.0.

Autonomous Security Platform Designed for IoT Self Defense

A new security platform that "enables IoT devices to defend themselves against hackers without the need for human intervention" is being demonstrated by NXM Labs, Inc. this week at Arm TechCon 2019.

Red Fog Graphic

API Security Project Identifies Top 10 Vulnerabilities

"Broken object level authorization" is the number one API vulnerability that attackers can exploit to gain access to an organization's data, according to a report from the independent Open Web Application Security Project (OWASP).

Google Publishes App OAuth Verification Guidance

As part of a data security initiative, Google has published guidance for developers to get their apps ready for OAuth verification by the company.

Enterprise Mobility Firm Offers 'Zero Management' Device Security

Enterprise mobility specialist Appdome is out with a new service that secures devices in bring-your-own-device (BYOD) shops without the need to install a management profile.

Another Cloud Service Automates Mobile App Security

Much as low-code tooling has exploded among enterprises needing more apps amid a dearth of skilled professional developers, a new niche appears to be forming: automated cloud security services for iOS and Android projects.

AppTrends

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.

Upcoming Events