Security
Security | News, how-tos, features, reviews, and videos
Why zero knowledge matters
Zero-knowledge proof is the next big evolution for blockchain and Web3. A recent survey reveals how adopters are using ZKP now and what to expect in the future.
How Steampipe enables KPIs as code
CMD Solutions built tools for continuous controls assurance by using open-source Steampipe to define information security performance metrics as SQL statements.
Open source security fought back in 2022
One year after the Log4j disaster, open source community efforts and new developer toolchains are addressing the challenges of software supply chain security.
Complexity is the enemy of cloud security
Cloud security and IT security in general often overlook complexity. It’s not taught in security courses, and most experts don’t consider it in risk analytics.
Cloud computing gets back to basics
Recent trends show a return to cloud fundamentals, such as data, development, deployment, and security, rather than chasing what’s new and cool.
What is DevSecOps? Securing devops pipelines
DevSecOps evolves devops concepts with tools and practices that embed security in every layer of the software development life cycle. Here's why more companies are embracing DevSecOps.
AWS' Inspector offers vulnerability management for Lambda serverless functions
AWS announces new cybersecurity features in Amazon Inspector and Amazon Macie at AWS Re:Invent 2022 in Las Vegas.
AWS releases Wickr, its encrypted messaging service for enterprises
The release of the enterprise version of the encrypted messaging service, announced at AWS re:Invent, is designed to allow secure collaboration across messaging, voice, video and file sharing.
What observability means for cloud operations
When you look at your operations data, do you know what you’re seeing? Observability can help you gain more insights from complex cloud deployments.
Cloud architects are afraid of automation
Automation is one of the greatest gifts to cloud architecture, operations, security, and finops. Yet, many architects still are reluctant to use it. What's so scary?
Qualys previews TotalCloud FlexScan for multicloud security management
Agentless security management system aims to simplify vulnerability management for security teams and developers in cloud and hybrid cloud environments.
![Digital bugs amid binary code. [security threats / malware / breach / hack / attack]](https://images.idgesg.net/images/article/2020/09/digital_bugs_amid_binary_code_security_threats_malware_breach_hack_attack_by_whatawin_gettyimages-1188254819_2400x1600-100858616-small.3x2.jpg?auto=webp&quality=85,70)
Azul detects Java vulnerabilities in production apps
Azul Vulnerability Detection promises to eliminate false positives without impacting performance, by drawing on monitoring and detection capabilities inside the Azul JVM.
!['Job Openings' LED display signage with abstracted circuits. [ hiring / job opportunities ]](https://images.idgesg.net/images/idge/imported/imageapi/2022/10/27/14/job_openings_led_display_signage_hiring_by_phive2015_gettyimages-514842986_abstract_circuits_by_natrot_gettyimages-1139828676_2400x1600-100854356-small.3x2-100933934-small.3x2.jpg?auto=webp&quality=85,70)
3 primo cloud computing jobs in 2023
The cloud boom and its resulting issues are boosting the pay and prestige of certain roles. Here's what it takes to be an architect, operations engineer, or security engineer.
Why you’re getting cloud security wrong
New data shows that many enterprises are not approaching cloud security correctly, and it’s going to lead to unpleasant consequences.
Most reported CVEs for Docker Hub images are harmless
JFrog used Xray Container Contextual Analysis to scan the 200 most popular community images in Docker Hub, then tallied the results for the 10 most common CVEs. 78% were not exploitable.
It’s time to prioritize SaaS security
Did our focus on IaaS security come at the expense of SaaS security? Know what to guard against, especially excessive user permissions and misconfigured UIs, APIs, and integrations.
Public package repos expose thousands of API security tokens—and they’re active
JFrog’s new Xray Secrets Detection uncovered active access tokens in popular open-source software registries including Docker, npm, and PyPI. Here are our findings and takeaways.
![Digital bugs amid binary code. [security threats / malware / breach / hack / attack]](https://images.idgesg.net/images/article/2020/09/digital_bugs_amid_binary_code_security_threats_malware_breach_hack_attack_by_whatawin_gettyimages-1188254819_2400x1600-100858616-medium.3x2.jpg?auto=webp&quality=85,70)