Security | News, how-tos, features, reviews, and videos

endless labyrinth 161827306
shutterstock 175644863 scattered clutter of nuts bolts wrenches tools in black and white

cloud security

Don't overlook attack surface management

As cloud computing becomes a scarier place given the rise in threats, it’s time to focus on the basics of ASM that safeguard cloud applications and data.

Tree roots

Sigstore: Roots of trust for software artifacts

Sigstore has become the default software signing method for everything from Kubernetes to NPM, Maven, and PyPi, verifying the integrity of more than a million open source packages.

Person holding phone near a laptop while getting two-factor authentication info

A practical guide to React Native authentication

Using React Native authentication to verify user identities is a relatively painless and straightforward process that not only protects your company’s data and your user’s privacy, but also improves the user experience.

Interlocking gears and binary code.

Designing user management for machine-to-machine interactions

Machines are users, too, and you will have to treat them like users to ensure that the services they use are available, fast, scalable, and secure. Here’s how.

programmer devops certification skills code data scientist student by fatos bytyqi unsplash

Google launches dependency API and curated package repository with security metadata

With the two new services, Google aims to help minimize risk from malicious code in the software supply chain.

ChatGPT on a laptop

OpenAI starts bug bounty program with cash rewards up to $20,000

Based on the severity and impact of the reported vulnerability, OpenAI will hand out cash rewards ranging from $200 for low-severity findings to up to $20,000 for exceptional discoveries.

DevOps DevSecOps Security Pipeline

GitGuardian’s honeytokens in codebase to fish out DevOps intrusion

GitGuardian honeytokens are decoy scripts designed to lure out attackers looking to target critical DevOps environments and enterprise secrets.

Cyber security breach attack on monitor with binary code

3 overlooked cloud security attack vectors

Enterprises are putting their sensitive data in the cloud, but both sides are responsible for security. Be sure your cloud provider is aware of these threats.

programming / coding elements / lines of code / development / developers / teamwork

Snyk bolsters developer security with fresh devsecop, cloud capabilities

Snyk aims to boost security support for developers across their software supply chains with coding, cloud and devsecops enhancements.

Tech Spotlight   >   Analytics [Computerworld]   >   An image of an eye with virtual surveillance.

UK data regulator issues warning over generative AI data protection concerns

The UK's Information Commission’s Office reminds organizations that data protection laws still apply to unfiltered data used to train large language models.

programming / coding elements / lines of code / development / developers / teamwork

Splunk adds new security and observability features

New security and observability features will be added to Splunk Mission Control and its Observability Cloud to identify threats and incidents more efficiently, the company said.

10 cloud security breach virtualization wireless

Observability will transform cloud security

Cloud security threats are increasing in both frequency and intensity. We need better visibility into potential threats and proactive approaches to addressing risk.

Two developers collaborate on a project as they review code on a display in their workspace.

ForgeRock, Secret Double Octopus offer passwordless authentication for enterprises

ForgeRock is adding Enterprise Connect Passwordless to its Identity Platform to provide no-code and low-code approaches for enterprises to add passwordless authentication to their IT infrastructure.

01 network

Tailscale: Fast and easy VPNs for developers

Simple and affordable Tailscale allows you to create an encrypted, peer-to-peer virtual network using the secure WireGuard protocol, without generating public keys or constantly typing passwords.

passwords / passcodes

ReversingLabs adds new context-based, secret-detection capabilities

The software supply chain security tool will host new secret-detection capabilities through the command-line interface to help developers prioritize remediation efforts.

Person holding phone near a laptop while getting two-factor authentication info

GitHub begins 2FA rollout

GitHub will begin selecting accounts for enrollment in two-factor authentication next week. All users will be required to use 2FA by year-end.

high priority gauge

Cloud trends 2023: Cost management surpasses security as top priority

Flexera’s annual survey of cloud decision-makers tracks the top priorities and challenges of cloud-using companies, and the latest trends in the public, private, and multicloud market. Here are the highlights of the 2023 report.

Risk management concept

Top 10 open source software risks for 2023

While open source software is the bedrock of modern software development, it is also the weakest link in the software supply chain, according to a report by Endor Labs.

Load More