Security
Security | News, how-tos, features, reviews, and videos
Don't overlook attack surface management
As cloud computing becomes a scarier place given the rise in threats, it’s time to focus on the basics of ASM that safeguard cloud applications and data.
Sigstore: Roots of trust for software artifacts
Sigstore has become the default software signing method for everything from Kubernetes to NPM, Maven, and PyPI, verifying the integrity of more than a million open source packages.
A practical guide to React Native authentication
Using React Native authentication to verify user identities is a relatively painless and straightforward process that not only protects your company’s data and your users’ privacy, but also improves the user experience.
Designing user management for machine-to-machine interactions
Machines are users, too, and you will have to treat them like users to ensure that the services they use are available, fast, scalable, and secure. Here’s how.
Google launches dependency API and curated package repository with security metadata
With the two new services, Google aims to help minimize risk from malicious code in the software supply chain.
OpenAI starts bug bounty program with cash rewards up to $20,000
Based on the severity and impact of the reported vulnerability, OpenAI will hand out cash rewards ranging from $200 for low-severity findings to up to $20,000 for exceptional discoveries.
GitGuardian’s honeytokens in codebase to fish out DevOps intrusion
GitGuardian honeytokens are decoy scripts designed to lure out attackers looking to target critical DevOps environments and enterprise secrets.
3 overlooked cloud security attack vectors
Enterprises are putting their sensitive data in the cloud, but both sides are responsible for security. Be sure your cloud provider is aware of these threats.
Snyk bolsters developer security with fresh devsecops, cloud capabilities
Snyk aims to boost security support for developers across their software supply chains with coding, cloud and devsecops enhancements.
UK data regulator issues warning over generative AI data protection concerns
The UK's Information Commissioner’s Office reminds organizations that data protection laws still apply to unfiltered data used to train large language models.
Splunk adds new security and observability features
New security and observability features will be added to Splunk Mission Control and its Observability Cloud to identify threats and incidents more efficiently, the company said.
Observability will transform cloud security
Cloud security threats are increasing in both frequency and intensity. We need better visibility into potential threats and proactive approaches to addressing risk.
ForgeRock, Secret Double Octopus offer passwordless authentication for enterprises
ForgeRock is adding Enterprise Connect Passwordless to its Identity Platform to provide no-code and low-code approaches for enterprises to add passwordless authentication to their IT infrastructure.
Tailscale: Fast and easy VPNs for developers
Simple and affordable Tailscale allows you to create an encrypted, peer-to-peer virtual network using the secure WireGuard protocol, without generating public keys or constantly typing passwords.
ReversingLabs adds new context-based, secret-detection capabilities
The software supply chain security tool will host new secret-detection capabilities through the command-line interface to help developers prioritize remediation efforts.
GitHub begins 2FA rollout
GitHub will begin selecting accounts for enrollment in two-factor authentication next week. All users will be required to use 2FA by year-end.
Cloud trends 2023: Cost management surpasses security as top priority
Flexera’s annual survey of cloud decision-makers tracks the top priorities and challenges of cloud-using companies, and the latest trends in the public, private, and multicloud market. Here are the highlights of the 2023 report.
Top 10 open source software risks for 2023
While open source software is the bedrock of modern software development, it is also the weakest link in the software supply chain, according to a report by Endor Labs.