Application Security
Application Security | News, how-tos, features, reviews, and videos
Canonical security subscriptions for Ubuntu Linux now available
Security maintenance service for Ubuntu LTS releases offers CVE protection and security updates for some 23,000 packages beyond the main OS.
What is DevSecOps? Securing devops pipelines
DevSecOps evolves devops concepts with tools and practices that embed security in every layer of the software development life cycle. Here's why more companies are embracing DevSecOps.
Qualys previews TotalCloud FlexScan for multicloud security management
Agentless security management system aims to simplify vulnerability management for security teams and developers in cloud and hybrid cloud environments.
![Digital bugs amid binary code. [security threats / malware / breach / hack / attack]](https://images.idgesg.net/images/article/2020/09/digital_bugs_amid_binary_code_security_threats_malware_breach_hack_attack_by_whatawin_gettyimages-1188254819_2400x1600-100858616-small.3x2.jpg?auto=webp&quality=85,70)
Azul detects Java vulnerabilities in production apps
Azul Vulnerability Detection promises to eliminate false positives without impacting performance, by drawing on monitoring and detection capabilities inside the Azul JVM.
Most reported CVEs for Docker Hub images are harmless
JFrog used Xray Container Contextual Analysis to scan the 200 most popular community images in Docker Hub, then tallied the results for the 10 most common CVEs. 78% were not exploitable.
Public package repos expose thousands of API security tokens—and they’re active
JFrog’s new Xray Secrets Detection uncovered active access tokens in popular open-source software registries including Docker, npm, and PyPI. Here are our findings and takeaways.
Enterprises embrace devsecops practices against supply chain attacks
Healthy developer-team culture and adherence to devsecops best practices to protect against supply chain attacks are surprisingly commonplace in today’s security environment, according to a report from Google Cloud's DORA research...
AutoRabit launches devsecops tool for Salesforce environments
CodeScan Shield comes with a new module, OrgScan, which governs organizational policies by enforcing the security and compliance rules mandated for Salesforce environments.
Security is hard and won’t get much easier
Software systems are complex, and development teams have conflicting goals. Oh, and people are imperfect.
Kubescape boosts Kubernetes scanning capabilities
End-to-end open source security platform for Kubernetes has added vulnerability scanning for code repositories and container image registries.
Zero-knowledge proof finds new life in the blockchain
ZKP has decades of history in computer science and cryptography. Now, it's evolving to support decentralized authentication for blockchains and web3.
How Cloudflare emerged to take on AWS, Azure, and Google Cloud
The upstart internet security and edge infrastructure company has reinvented itself to challenge the hyperscale cloud providers. Can it succeed?
It’s past time to figure out cross-cloud security
The people deploying multicloud will tell you that 'security is a nightmare.' Cross-cloud abstraction and automation of security services is the right solution.
Build SBOMs with Microsoft’s SPDX SBOM generator
Microsoft is making its internal, cross-platform, software bill of materials generation tool public and open source.
7 biggest Kubernetes security mistakes
The most dangerous security holes are often the most basic. Start improving your Kubernetes security posture by fixing these simple mistakes.
How we’ll solve software supply chain security
Security teams need a standard set of processes for locking down roots of trust for software artifacts, and developers need a clear path to balance open source selection against security policies. Open source has answers.
Securing data at rest and data in motion
The threats to your company’s data are many and varied, and so are the techniques for keeping that data safe and secure.
Software developers have a supply chain security problem
Every day, software developers implicitly trust software packages, container images, dependency maintainers, repository operators, and build systems that we don’t know anything about. It’s the opposite of Zero Trust.
Identity, trust, and their role in modern applications
Identity, trust, and trust sharing are indispensable to our belief in the validity of the services we interact with on the internet.
