Zero-knowledge proof is the next big evolution for blockchain and Web3. A recent survey reveals how adopters are using ZKP now and what to expect in the future.
CMD Solutions built tools for continuous controls assurance by using open-source Steampipe to define information security performance metrics as SQL statements.
One year after the Log4j disaster, open source community efforts and new developer toolchains are addressing the challenges of software supply chain security.
Cloud security and IT security in general often overlook complexity. It’s not taught in security courses, and most experts don’t consider it in risk analytics.
DevSecOps evolves devops concepts with tools and practices that embed security in every layer of the software development life cycle. Here's why more companies are embracing DevSecOps.
The release of the enterprise version of the encrypted messaging service, announced at AWS re:Invent, is designed to allow secure collaboration across messaging, voice, video and file sharing.
Automation is one of the greatest gifts to cloud architecture, operations, security, and finops. Yet, many architects still are reluctant to use it. What's so scary?
Agentless security management system aims to simplify vulnerability management for security teams and developers in cloud and hybrid cloud environments.
Azul Vulnerability Detection promises to eliminate false positives without impacting performance, by drawing on monitoring and detection capabilities inside the Azul JVM.
The cloud boom and its resulting issues are boosting the pay and prestige of certain roles. Here's what it takes to be an architect, operations engineer, or security engineer.
JFrog used Xray Container Contextual Analysis to scan the 200 most popular community images in Docker Hub, then tallied the results for the 10 most common CVEs. 78% were not exploitable.
Did our focus on IaaS security come at the expense of SaaS security? Know what to guard against, especially excessive user permissions and misconfigured UIs, APIs, and integrations.
JFrog’s new Xray Secrets Detection uncovered active access tokens in popular open-source software registries including Docker, npm, and PyPI. Here are our findings and takeaways.
Attempted breaches are on the rise and cloud security professionals are forced to play 'Whac-A-Mole' with attacks. Are you ready to rethink your cloud security strategy yet?