Category: InfoWorld Security

In a highly-anticipated federal ruling on July 3, US District Court Judge Ada Brown determined that the US Federal Trade Commission (FTC) did not have the authority to issue a nationwide ban of non-compete agreements. Although the judge’s decision was…

Read more →

While their business and tech colleagues are busy experimenting and developing new applications, cybersecurity leaders are looking for ways to anticipate and counter new, AI-driven threats. It’s always been clear that AI impacts cybersecurity, but it’s a two-way street. Where…

Read more →

GitHub’s Artfact Attestations, for guaranteeing the integrity of artifacts built inside the GitHub Actions CI/CD platform, is now generally available. General availability was announced June 25. By using Artifact Attestations in GitHub Actions workflows, developers can improve security and protect…

Read more →

GitHub’s Artfact Attestations, for guaranteeing the integrity of artifacts built inside the GitHub Actions CI/CD platform, is now generally available. General availability was announced June 25. By using Artifact Attestations in GitHub Actions workflows, developers can improve security and protect…

Read more →

GitHub’s Artfact Attestations, for guaranteeing the integrity of artifacts built inside the GitHub Actions CI/CD platform, is now generally available. General availability was announced June 25. By using Artifact Attestations in GitHub Actions workflows, developers can improve security and protect…

Read more →

GitLab’s recent survey of 5,315 devsecops professionals worldwide found that organizations are prioritizing investments in AI, security, and automation. But specific areas such as software supply chain security warrant particular attention, the company said. Results of the survey, conducted in…

Read more →

As businesses increasingly migrate to the cloud, chief information security officers (CISOs) face numerous critical challenges in ensuring robust cloud security. Don’t believe me? Experts highlighted this at the recent Gartner Security & Risk Management Summit. Gartner projects a significant…

Read more →

Configuring basic continuous integration and continuous delivery (CI/CD) pipelines that automate packaging, compiling, and pushing code to application delivery environments is considered a fundamental devsecops practice. By automating a path to production, devsecops teams can reduce errors, increase deployment frequency,…

Read more →

GitLab has unveiled GitLab 17, a major update of its devsecops platform that brings a CI/CD catalog of reusable pipeline components and an AI impact dashboard. The company also announced GitLab Duo Enterprise, an AI-powered assistant that helps detect vulnerabilities…

Read more →

I once transitioned from a SaaS CTO role to become a business unit CIO at a Fortune 100 enterprise that aimed to bring startup development processes, technology, and culture into the organization. The executives recognized the importance of developing customer-facing…

Read more →

The innovation hub of RSAC 2024, the RSAC Early Stage Expo was specifically designed to showcase emerging players in the information security industry. Among the 50 exhibitors crammed into the second floor booth space, seven VC-backed up-and-comers in application security…

Read more →

The innovation hub of RSAC 2024, the RSAC Early Stage Expo was specifically designed to showcase emerging players in the information security industry. Among the 50 exhibitors crammed into the second floor booth space, seven VC-backed up-and-comers in application security…

Read more →

GitHub has introduced Artifact Attestations, a software signing and verification feature based on Sigstore that protects the integrity of software builds in GitHub Actions workflows. Artifiact Attestations is now available in a public beta. Announced May 2, Artifact Attestations allows…

Read more →

The recent discourse around the security of cloud computing in the banking sector, highlighted by Nicholas Fearn’s piece in the Financial Times, paints a somewhat grim picture of the cybersecurity landscape when it comes to banks moving to cloud computing.…

Read more →

How do we ensure that the code we’re installing is, at the very least, the code that a vendor shipped? The generally accepted solution is code signing, adding a digital signature to binaries that can be used to ensure authorship.…

Read more →

Java services are the most-impacted by third-party vulnerabilities, according to the “State of DevSecOps 2024” report just released by cloud security provider Datadog. Released on April 17, the report found that 90% of Java services were susceptible to one or…

Read more →

As of the first quarter of 2024, 83% of developers were involved in devops-related activities such as performance monitoring, security testing, or CI/CD, according to the State of CI/CD Report 2024, published by the Continuous Delivery (CD) Foundation, a part…

Read more →

Modern software applications are underpinned by a large and growing web of APIs, microservices, and cloud services that must be highly available, fault tolerant, and secure. The underlying networking technology must support all of these requirements, of course, but also…

Read more →

The Rust language team has published a point release of Rust to fix a critical vulnerability to the standard library that could benefit an attacker when using Windows. Rust 1.77.2, published on April 9, includes a fix for CVE-2024-24576. Before…

Read more →

Synopsys has introduced Black Duck Supply Chain Edition, a software composition analysis (SCA) package that helps organizations mitigate upstream risk in software supply chains, including from AI code. Announced April 9, Black Duck Supply Chain Edition is intended to address…

Read more →

Synopsys has introduced Black Duck Supply Chain Edition, a software composition analysis (SCA) package that helps organizations mitigate upstream risk in software supply chains, including from AI code. Announced April 9, Black Duck Supply Chain Edition is intended to address…

Read more →

Over the past decade, Rust has emerged as a language of choice for people who want to write fast, machine-native software that also has strong guarantees for memory safety. Other languages, like C, may run fast and close to the…

Read more →

2023 has been a breakout year for developers and generative AI. GitHub Copilot graduated from its technical preview stage in June 2022, and OpenAI released ChatGPT in November 2022. Just 18 months later, according to a survey by Sourcegraph, 95%…

Read more →

The key benefits of platform engineering are increased developer productivity, better quality of software, reduced lead time for deployment, and more stable applications, according to Puppet by Perforce’s 2024 State of Devops Report: The Evolution of Platform Engineering. The report…

Read more →

The benefits of developing software in the cloud include increased flexibility and reliability, greater efficiency, and reduced costs. But cloud-based development also presents a host of challenges. Knowing what to watch out for is the first step to protecting your applications…

Read more →

Java Development Kit (JDK) 22, released by Oracle March 19 as the latest version of standard Java, offers a number of security enhancements, covering areas ranging from an asymmetric key interface to a new security option for -XshowSettings that allows…

Read more →

GitHub is previewing code scanning autofix, a feature that combines its GitHub Copilot AI assistant with its CodeQL code scanner to provide suggested fixes to discovered vulnerabilities. Code scanning autofix is available in a public beta to GitHub Advanced Security…

Read more →

In JFrog’s just-released Software Supply Chain State of the Union 2024 report, the software supply chain platform provider found extensive use of AI and machine learning tools for security. However, only one in three software developers the company surveyed use…

Read more →

The internet of things (IoT) has transformed the way we interact with the world, connecting a myriad of devices to the internet, from smart thermostats in our homes to industrial sensors in manufacturing plants. A significant portion of these IoT…

Read more →

C++ creator Bjarne Stroustrup has defended the widely used programming language in response to a Biden administration report that calls on developers to use memory-safe languages and avoid using vulnerable ones such as C++ and C. In a March 15…

Read more →

Frank Crane wasn’t talking about open source when he famously said, “You may be deceived if you trust too much, but you will live in torment if you don’t trust enough.” But that’s a great way to summarize today’s gap…

Read more →

The US federal government has released a software attestation form intended to ensure that software producers partnering with the government leverage minimum secure development techniques and tool sets. The form was announced March 11 by the Department of Homeland Security’s…

Read more →

JetBrains has released fixes for two critical security vulnerabilities in its TeamCity On-Premises CI/CD system discovered by cybersecurity company Rapid7. The two vulnerabilities reported in late-February by Rapid7 would enable an authenticated attacker with HTTP(S) access to a TeamCity On-Premises…

Read more →

Cloudflare has announced the development of Firewall for AI, a protection layer that can be deployed in front of large language models (LLMs) that promises to identify abuses before they reach the models. Unveiled March 4, Firewall for AI is…

Read more →

President Joseph Biden has issued an executive order intended to protect Americans’ sensitive personal data from exploitation from countries of concern including China, Russa, Iran, and North Korea. Issued February 28, the order authorizes the attorney general to prevent the…

Read more →

GitHub has begun rolling out push protection for all of its users, a secrets scanning feature that gives users the option to remove secrets from commits or bypass a block. The policy, announced February 29, affects supported secrets. It might…

Read more →

With the growth of sophisticated attacks against critical software and infrastructure systems, multi-factor authentication (MFA) has emerged as a critical layer of defense against unauthorized access. An increasing number of enterprise and developer-facing technology applications and platforms, from GitHub to…

Read more →

Nearly three-quarters of codebases assessed for risk by Synopsis in 2023 contained open source components with high-risk vulnerabilities, according to a just-released report from the company, a provider of application security testing tools. While the number of codebases with at…

Read more →

US President Joe Biden’s administration wants software developers to use memory-safe programming languages and ditch vulnerable ones like C and C++. The White House Office of the National Cyber Director (ONCD), in a report released Monday, called on developers to…

Read more →

GitHub’s AI-powered coding assistant, GitHub Copilot, may suggest insecure code when the user’s existing codebase contains security issues, according to developer security company Snyk. GitHub Copilot can replicate existing security issues in code, Snyk said in a blog post published…

Read more →

Martin Hellman achieved legendary status as co-inventor of the Diffie-Hellman public key exchange algorithm, a breakthrough in software and computer cryptography. That invention and his ongoing work in cryptography and digital signatures earned him a Turing award in 2015. He has since…

Read more →

Salesforce-owned MuleSoft has released the Anypoint Flex Gateway Policy Development Kit (PDK). The PDK allows developers of every skill level to quickly build policies to detect and protect sensitive data sent to APIs, the company said. Now a feature of…

Read more →

Last year’s MOVEit and 3CX vulnerabilities offered a stark reminder of the risk software supply chain attacks pose today. Threat actors exploit vulnerabilities to infiltrate a software provider’s network and modify the software’s original functionality with malicious code. Once the…

Read more →

Application security company Mobb has released an automatic vulnerability fixer for GitHub users. The tool monitors GitHub pull requests and offers code fixes within software development workflows. Unveiled January 23, Mobb Fixer provides developers with code fixes for security alerts…

Read more →

Authentication and authorization rank among the top priorities for application developers today. While they’re often used interchangeably, they actually represent two very different things. Yet in order to ensure a secure and seamless experience for users, both must work in concert. To illustrate the distinction…

Read more →

Software supply chain provider JFrog is integrating with the Amazon SageMaker cloud-based machine learning platform to incorporate machine learning models into the software development lifecycle. The JFrog platform integration with Amazon SageMaker, available now, ensures artifacts produced by data scientists…

Read more →

Cloud finops is the discipline of accounting for and optimizing cloud computing spending. It’s a reaction to years of undisciplined cloud spending or a way to bring order back to using cloud resources. Overall, it is a step in the…

Read more →

When cloud computing became enterprise-ready, and tools such as continuous integration and continuous delivery, infrastructure as code, and Kubernetes became mainstream, it marked a clear paradigm shift in dev and ops. The work separating dev and ops became devops responsibilities,…

Read more →

Most security issues in the cloud can be traced back to someone doing something stupid. Sorry to be that blunt, but I don’t see ingenious hackers out there. I do see misconfigured cloud resources, such as storage and databases, that…

Read more →

Software development is currently undergoing a profound transformation, marked by a quiet yet remarkable surge in advanced automation. This impending shift promises to streamline the creation and deployment of high-quality applications on an unprecedented scale. Rather than a single technology…

Read more →

I recently moderated a session for the CSO Cybersecurity Summit on building resilience and addressing employee anxiety amid organizational transformation. My session focused on the stresses and burnout experienced by security teams, including recent data showing that 94% of chief…

Read more →

The arrival of ChatGPT in late 2022 and the ensuing cascade of large language models ensured that 2023 will forever be known as the year of generative AI (GenAI). With amazing speed, generative AI has rippled across the entire information…

Read more →

One of the biggest challenges facing any enterprise using the public cloud is the fact that it’s public. Yes, your applications run in isolated virtual machines and your data sits in its own virtual storage appliances, but there’s still a…

Read more →

It’s been over 10 years since Shannon Lietz introduced the term DevSecOps, aiming to get security a seat at the table with IT developers and operators. The question is, how far has security come since then? Do DevSecOps teams have…

Read more →

If there is anything that keeps cloud development leaders up at night, it’s the fact that the risk of an impending security breach is scarily high. If I go around the room at any enterprise development meeting, devops engineers, cloud…

Read more →

The emergence of cloud-native architectures has dramatically changed the ways applications are developed, deployed, and managed. While cloud-native architectures offer significant benefits in terms of scalability, elasticity, and flexibility, they also introduce unique security challenges. These challenges often diverge from…

Read more →

Since the proliferation of large language models (LLMs), like OpenAI’s GPT-4, Meta’s Llama 2, and Google’s PaLM 2, we have seen an explosion of generative AI applications in almost every industry, cybersecurity included. However, for a majority of LLM applications,…

Read more →

Oracle is open-sourcing Jipher, a Java Cryptography Architecture (JCA) provider built for security and performance that has been used by the company’s cloud platform, the company said on November 7. Jipher was developed for environments with FIPS (Federal Information Processing…

Read more →

.NET 8, a planned upgrade to Microsoft’s cross-platform, open source development platform, is set to improve identity management, authentication, and authorization thanks to enhancements in the security vein delivered by the ASP.NET Core team. Identity features in .NET 8 are…

Read more →

Developers have long used sites like Stack Overflow as forums where they could get code examples and assistance. That community is rapidly being replaced by generative AI tools such as ChatGPT. Today, developers ask AI chatbots to help create sample code, translate…

Read more →

Cloud has become synonymous with enterprise IT, but let’s not get ahead of ourselves. Though enterprises now spend roughly $545 billion annually on cloud infrastructure, according to IDC, and 41% of that spend goes to the top five cloud providers,…

Read more →

In today’s rapidly transforming digital world, APIs have become the linchpin for quick delivery of business functionality. These digital connectors underpin much of the enterprise innovation we witness today, from seamless customer experiences to integrated partner ecosystems. Yet, as the…

Read more →

The layoffs are happening in the wake of a market retraction, Splunk CEO Gary Steele said. This article has been indexed from InfoWorld Security Read the original article: Splunk cuts 7% of workforce ahead of Cisco acquisition

Read more →

It’s budget time for many enterprises, and the question that I get most this time of year is: What should we work on in 2024 to improve our cloud computing deployments? I came up with my top three, with the…

Read more →