The SolarWinds supply chain compromise has raised questions over how to detect software that has been tainted during the vendor's development and build process. A concept called verified reproducible builds could help, says David Wheeler of the Linux Foundation.
Open source software is created by talented software developers from around the world who donate their time and intelligence to create software and components, then provide those free of charge to anyone wishing to use them under the terms of their licenses (including the Beerware license). The benefits open source...
While CISOs and CIOs have the unenviable position of taking the lion’s share of accountability for software security, especially in the event of an embarrassing company data breach, they are also afforded a unique opportunity of increasing relevance: they are the new innovators, and they can be highly influential...
To ensure data and services are protected against attack, DevOps is evolving to incorporate cybersecurity practices across the lifecycle. Organizations need to take into account the fast-moving nature of continuous innovation, and a rapidly evolving and fragmented threat landscape: otherwise security can get in the...
Organizations are increasingly turning to containers and Kubernetes to improve the efficiency and scalability of software development efforts. Containers introduce new security issues, highlighting the need for container-specific security tools.
Download this whitepaper to learn why organizations must balance the...
Vulnerabilities due to "coding errors" in a number of mobile banking applications make them all too susceptible to hacking and customer account data theft, the security firm Positive Technologies warns.
Containers are shaping the way organizations are developing and managing applications nowadays. However, many are not always fully aware of the measures that need to be taken across the entire software development lifecycle, especially when it comes to open source security aspects. The mindset of securing our...
Robotic process automation aims to use machine learning to create bots that automate high-volume, repeatable tasks. But as organizations tap RPA, they must ensure they take steps to maintain data security, says Deloitte's Ashish Sharma.
The Cyber Security Agency of Singapore has come up with an operational technology and cybersecurity master plan aimed at building a secure and resilient ecosystem to protect critical infrastructure. But will implementation prove feasible?
Code reuse kills - software quality, that is, according to a new study of C++ code snippets shared on Stack Overflow that were reused in more than 2,800 GitHub projects. But there's help for organizations that want to support their developers' urge to cut and paste prewritten code snippets.
Since at least 2016, hacked websites have targeted zero-day flaws in current versions of Apple iOS to surreptitiously implant data-stealing and location-tracking malware, says Google's Project Zero team. Apple patched the latest vulnerabilities in February.
The recent exposure of customer data on the website of Singapore Airlines as a result of a software bug is further evidence of the persistent challenge of adequately addressing security during the development stage.
Open source usage has become a mainstream practice - it's impossible to keep up with today's pace of software production without it. The rise in open source usage, however, has led to a dramatic rise in open source vulnerabilities, demanding that development and security teams address the rapidly evolving issue of...
The ins and outs of open source security all in one comprehensive guide.
Download this joint report by Microsoft and WhiteSource in order to learn more about:
The difference in finding & fixing vulnerabilities in open source components as opposed to proprietary code;
How to grasp the unique challenges of open source...