Tag: secure code
Report Identifies Top 10 Open Source Software Risks
Endor Labs, a provider of a platform for managing open source software, published a report that classifies the top 10 open source software risks of 2023. The company published the list as ...
Benefits and Challenges of DevSecOps for Business
Almost every day, there is a new tactic or technique discovered that hackers can use to disrupt a company’s systems, obtain critical data and information or steal money. Often attackers look to ...
Rezilion Updates Open Source MI-X Tool to Better Secure App Development
Mike Vizard | | application security, Rezilion, secure code, Software Supply Chain, vulnerability scanningRezilion has updated its open source MI-X vulnerability discovery tool to include mitigation and remediation recommendations. In addition, the tool can now produce machine-readable output in either a JSON or CSV format ...
How SASE Can Ease DevSecOps Adoption
DevSecOps is a software development methodology that merges development (Dev), security (Sec) and operations (Ops) into one team that integrates security throughout the entire software development life cycle (SDLC). The goal is ...
Shift Left Testing in Microservices Environments
By now, it’s common knowledge that the later a bug is detected in the software development life cycle (SDLC), the longer it takes and the more expensive it is to fix that ...
Massive Number of Transitive Dependencies Traced to Open Source Code
An analysis of nearly 2,000 software packages published by Endor Labs found 95% of all application vulnerabilities can be traced back to a transitive dependency created when a developer used an open ...
How Devs Can Improve Open Source Security in the Enterprise
Modern applications are dynamic. They’re distributed and they’re often born in the cloud. These applications can be developed on the fly, spun up and scaled quickly to meet evolving user and market ...
GraphQL Vulnerability Analysis: The Top Threats
Publicly available vulnerability data can be a goldmine for insights into how DevOps and DevSecOps teams can prioritize threats and improve security across the pipeline. With this in mind, Inigo recently performed ...
Cisco Adds Open Source Tool to Validate Serverless Functions
Cisco has launched an open source project, dubbed FunctionClarity, that makes it possible to verify signatures before code is deployed in a serverless computing environment. Vijoy Pandey, vice president of emerging technologies ...
GraphQL: Security by Obscurity Just Isn’t Enough
The debate about how to secure GraphQL rages on. Many organizations are hesitant to adopt GraphQL for public-facing APIs as there is no precise method to handle authorization concerns as of yet ...
Federal Agencies Share DevSecOps Guidelines
The National Security Agency (NSA), Cybersecurity and Infrastructure Security Agency (CISA), and the Office of the Director of National Intelligence (ODNI) have published a set of DevSecOps best practices based on the Enduring ...
How DevOps Teams Can Defend Against API Attacks
Remember when ransomware was the main security threat that DevOps teams needed to worry about? Those days are over. Ransomware attacks are certainly still happening, but API security breaches—which increased by a ...
