Security | News, how-tos, features, reviews, and videos
A new hope for software security
From package signing to SBOMs to new developer toolchains, the pieces for securing the software supply chain are starting to come together.
JFrog Curation blocks malicious open source software packages
DevSecOps system validates incoming software packages against JFrog’s security research library to establish a repository of trustworthy components for software developers to use.
Golang vulnerability checker flags Go vulnerabilities
Govulncheck is a command-line utility that uses the Go vulnerability database to identify known vulnerabilities in Go source code and Go binaries.
The unhappy reality of cloud security in 2023
Let's talk about how you can stay off the growing list of companies that have been hacked. Spoiler alert: It takes money and commitment.
Millions of GitHub repositories vulnerable to RepoJacking: Report
AquaSec analyzed a sample of 1% of GitHub repositories and found that about 37,000 of them are vulnerable to RepoJacking, including the repositories of companies such as Google and Lyft.
GitLab Dedicated offers single-tenant, SaaS-based devsecops
Service hosted and managed by GitLab is geared to users with strict compliance requirements such as isolation, data residency, and private networking.
Malicious hackers are weaponizing generative AI
The powerful capabilities of ChatGPT are being used against enterprise systems. Malicious packages and AI hallucinations are a few of the growing threats.
7 key features for Kubernetes and container security
Uptycs combines threat detection for Kubernetes and container runtimes, along with automated registry scanning and Kubernetes hardening checks. Here are the highlights.
Frontegg launches entitlements engine to streamline access authorization
Frontegg’s new entitlement engine will be powered by context-aware logic controls (CALC) technology to effect context-based, fine-grained authorization controls.
Disaster recovery in the cloud
Underestimate the complexity and cost of cloud computing backup and recovery and you risk missing data and lost customers. Here’s what to do.
AppMap: A map to reduce developer toil
Open-source AppMap brings runtime code analysis into the developer’s code editor, providing the feedback needed to address performance and security issues during development and reduce code rework.
How to reduce your devops tool sprawl
After a decade of software development and operations teams embracing every ‘right tool for the job,’ it’s time to start tool consolidation efforts. Here’s where to start.
Don't overlook attack surface management
As cloud computing becomes a scarier place given the rise in threats, it’s time to focus on the basics of ASM that safeguard cloud applications and data.
Sigstore: Roots of trust for software artifacts
Sigstore has become the default software signing method for everything from Kubernetes to NPM, Maven, and PyPI, verifying the integrity of more than a million open source packages.
A practical guide to React Native authentication
Using React Native authentication to verify user identities is a relatively painless and straightforward process that not only protects your company’s data and your users’ privacy, but also improves the user experience.
Designing user management for machine-to-machine interactions
Machines are users, too, and you will have to treat them like users to ensure that the services they use are available, fast, scalable, and secure. Here’s how.
Google launches dependency API and curated package repository with security metadata
With the two new services, Google aims to help minimize risk from malicious code in the software supply chain.
OpenAI starts bug bounty program with cash rewards up to $20,000
Based on the severity and impact of the reported vulnerability, OpenAI will hand out cash rewards ranging from $200 for low-severity findings to up to $20,000 for exceptional discoveries.