Category: InfoWorld Security

Repatriation seems to be a hot topic these days as some applications and data sets return to where they came from. I’ve even been tagged in some circles as an advocate for repatriation, mostly because of this recent post. Once…

Read more →

Recently, I had the opportunity to ask over a dozen leading technologists for their hopes, predictions, and guidance for the year 2023. This article distills the far-ranging conversation and wealth of insight that came back to me. The year ahead looks…

Read more →

Devops or devsecops (I’ll use devops for this post) is more than just a fast way to build and deploy software within the cloud and on traditional systems. It’s now a solid standard, with best practices, processes, and widely accepted…

Read more →

The creator of C++, Bjarne Stroustrup, is defending the venerable programming language after the US National Security Agency (NSA) recently recommended against using it. NSA advises organizations to use memory safe languages instead. Responding to the agency’s November 2022 bulletin…

Read more →

The creator of C++, Bjarne Stroustrup, is defending the venerable programming language after the US National Security Agency (NSA) recently recommended against using it. NSA advises organizations to use memory safe languages instead. Responding to the agency’s November 2022 bulletin…

Read more →

Canonical’s Ubuntu Pro, a Linux security maintenance subscription service covering thousands of applications and toolchains in the open-source ecosystem, is generally available as of January 26. Released in beta in October, Ubuntu Pro helps users of Linux desktops and servers…

Read more →

Canonical’s Ubuntu Pro, a Linux security maintenance subscription service covering thousands of applications and toolchains in the open-source ecosystem, is generally available as of January 26. Released in beta in October, Ubuntu Pro helps users of Linux desktops and servers…

Read more →

Can developers trust extensions downloaded for Microsoft’s popular Visual Studio Code editor? Researchers at Aqua Nautilus say they have found that attackers could easily impersonate popular extensions and trick unknowing developers into downloading them. Some extensions may already have taken…

Read more →

The decision to lay off 450 staffers globally is expected to better align the company’s workforce to its cloud-focused strategic priorities and cut costs to suit current business needs, Informatica said in a statement. This article has been indexed from…

Read more →

The information age continues to unfold in fits and starts, and the rise of blockchain is among the most compelling current trends. It turns out that public key cryptography, a long stable technology, was latent with undiscovered possibilities. Blockchain is a reimagining…

Read more →

Ciaran Finnegan is the cybersecurity practice lead at CMD Solutions Australia and Phil Massyn is a senior security consultant there. About a year ago they began using Steampipe and its CrowdStrike plugin to scan their customers’ AWS environments. Now Finnegan…

Read more →

Early December marked the one-year anniversary of the Log4j security meltdown. Ever since, the software world has been on a dead sprint to ensure it would never happen again. We’re finally seeing some traction as the missing links in software…

Read more →

It’s a fact that most enterprises put security teams and tools in a silo. It drives me nuts when I see these bad habits carried over to cloud computing security. I covered this topic three years ago, and for the…

Read more →

It’s a fact that most enterprises put security teams and tools in a silo. It drives me nuts when I see these bad habits carried over to cloud computing security. I covered this topic three years ago, and for the…

Read more →

Software runs our businesses today. It powers operations, transactions, communications—just about every facet of the digital organization. It follows that ensuring the security of applications and operating systems is a major priority for development and security teams. This is where…

Read more →

There seems to be a clear trend in the world of cloud computing to return to IT fundamentals—the core problems that IT was set up to solve, such as data management, security, operations, governance, and development. All these things have…

Read more →

AWS announces new cybersecurity features in Amazon Inspector and Amazon Macie at AWS Re:Invent 2022 in Las Vegas. This article has been indexed from InfoWorld Security Read the original article: AWS’ Inspector offers vulnerability management for Lambda serverless functions

Read more →

The release of the enterprise version of the encrypted messaging service, announced at AWS re:Invent, is designed to allow secure collaboration across messaging, voice, video and file sharing. This article has been indexed from InfoWorld Security Read the original article:…

Read more →

Observability is one of those concepts being tossed about these days in the tech press and at cloud computing conferences. Everyone has a definition of what it is and how it’s used. No two are the same. Observability seems to…

Read more →

Automation is not new, but its use in cloud computing is recent. The idea is to automate tasks that have been traditionally carried out by humans; for example, self-healing a saturated compute server by automatically restarting it on a cloud…

Read more →

Agentless security management system aims to simplify vulnerability management for security teams and developers in cloud and hybrid cloud environments. This article has been indexed from InfoWorld Security Read the original article: Qualys previews TotalCloud FlexScan for multicloud security management

Read more →

Java services company Azul has unveiled Azul Vulnerability Detection, a SaaS product that leverages the Azul JVM to continuously monitor Java applications for security vulnerabilities. Azul Vulnerability Detection, introduced November 2, is an agentless cloud service designed for production use.…

Read more →

The question I get asked most often besides, “What is cloud computing?” is “What career path should I take in cloud computing?” I get it. Like almost everyone in the world, you know that the cloud job market is on…

Read more →

The Cloud Security Alliance, in partnership with security company BigID, released the results of a survey of 1,500 IT and security professionals. They all weighed in on the state of cloud data security in 2022 and had some not-so-surprising data points: Organizations are…

Read more →

The Cloud Security Alliance, in partnership with security company BigID, released the results of a survey of 1,500 IT and security professionals. They all weighed in on the state of cloud data security in 2022 and had some not-so-surprising data points: Organizations are…

Read more →

During the development of JFrog Xray’s Secrets Detection, we tested its capabilities by scanning more than eight million artifacts in popular open-source package registries. Similarly, for JFrog Xray’s new Container Contextual Analysis feature, we again tested our detection in a…

Read more →

The Cloud Security Alliance, in partnership with security company BigID, released the results of a survey of 1,500 IT and security professionals. They all weighed in on the state of cloud data security in 2022 and had some not-so-surprising data points: Organizations are…

Read more →

During the development of JFrog Xray’s Secrets Detection, we tested its capabilities by scanning more than eight million artifacts in popular open-source package registries. Similarly, for JFrog Xray’s new Container Contextual Analysis feature, we again tested our detection in a…

Read more →

We’ve made a point of shoring up security for infrastructure-as-a-service clouds since they are so complex and have so many moving parts. Unfortunately, the many software-as-a-service systems in use for more than 20 years now have fallen down the cloud…

Read more →

As part of the development of JFrog Xray’s new Secrets Detection feature, we wanted to test our detection capabilities on as much real world data as possible, both to make sure we eliminate false positives and to catch any errant…

Read more →

As part of the development of JFrog Xray’s new Secrets Detection feature, we wanted to test our detection capabilities on as much real world data as possible, both to make sure we eliminate false positives and to catch any errant…

Read more →

As part of the development of JFrog Xray’s new Secrets Detection feature, we wanted to test our detection capabilities on as much real world data as possible, both to make sure we eliminate false positives and to catch any errant…

Read more →

Don’t look now. More than 80% of organizations have experienced a security incident on a cloud platform during the past 12 months according to research from Venafi. Most concerning, almost half of those organizations reported at least four incidents during the…

Read more →

Startup Endor Labs comes out of stealth with an end-to-end platform to help CSOs understand and catalogue everything developers are using from the internet. This article has been indexed from InfoWorld Security Read the original article: Endor Labs offers dependency…

Read more →

Don’t look now. More than 80% of organizations have experienced a security incident on a cloud platform during the past 12 months according to research from Venafi. Most concerning, almost half of those organizations reported at least four incidents during the…

Read more →

Startup Endor Labs comes out of stealth with an end-to-end platform to help CSOs understand and catalogue everything developers are using from the internet. This article has been indexed from InfoWorld Security Read the original article: Endor Labs offers dependency…

Read more →

Healthy developer-team culture and adherence to devsecops best practices to protect against supply chain attacks are surprisingly commonplace in today’s security environment, according to a report from Google and Chainguard This article has been indexed from InfoWorld Security Read the…

Read more →

Victims lose $53 for every $1 cryptojackers gain, according to a new report from Sysdig. This article has been indexed from InfoWorld Security Read the original article: Cryptojacking, DDoS attacks increase in container-based cloud systems

Read more →

In the days of the on-premises data center and early cloud adoption, the roles of application developers, infrastructure operations, and security were largely siloed. In the cloud, this division of labor increases the time-to-market for innovation, reduces productivity, and invites…

Read more →

Now that things seem to be getting back to normal—traffic, delayed flights, and all those things we didn’t miss during the stay-home phase of the pandemic—it’s time to look at what work is going to be like post-pandemic. I found…

Read more →

Victims lose $53 for every $1 cryptojackers gain, according to a new report from Sysdig. This article has been indexed from InfoWorld Security Read the original article: Cryptojacking, DDoS attacks increase in container-based cloud systems

Read more →

Now that things seem to be getting back to normal—traffic, delayed flights, and all those things we didn’t miss during the stay-home phase of the pandemic—it’s time to look at what work is going to be like post-pandemic. I found…

Read more →

I often go through my old presentations from 2008 and before to review talks about the promise of cloud computing. Keep in mind, I’ve worked in the cloud computing field in one way or another since 1999, and I’ve seen…

Read more →

I often go through my old presentations from 2008 and before to review talks about the promise of cloud computing. Keep in mind, I’ve worked in the cloud computing field in one way or another since 1999, and I’ve seen…

Read more →

CodeScan Shield comes with a new module, OrgScan, which governs organizational policies by enforcing the security and compliance rules mandated for Salesforce environments. This article has been indexed from InfoWorld Security Read the original article: AutoRabit launches devsecops tool for…

Read more →

The Rust Foundation, the non-profit shepherd of the Rust programming language, has formed a dedicated security team to assess and advance the security of the language. The team is intended to support the broader Rust community with the highest level…

Read more →

Google’s Go programming language has added support for vulnerability management, which project developers said was an initial step toward helping Go developers learn about known vulnerabilities that could impact them. In a blog post on September 6, the Go security…

Read more →

Many cloud architect friends of mine see multicloud on the horizon, but they don’t think they’re prepared for its extra complexities. Most of them initially pushed back on the concept of multicloud much like they pushed back on cloud computing…

Read more →

Blockchain networks combine groups of transactions into collections (blocks) that are appended to each other (chains). The blocks employ a function to ensure that values are not re-used in transactions, thus avoiding the problem of double spending. The network then uses a…

Read more →

I’ve written about cloud security many times, including this post from 2021. The report I referenced found that misconfigured cloud servers caused 19% of data breaches. Corroborative data is available from public cloud providers that fight this daily. Microsoft analyzed the anonymized data…

Read more →

Security is one of the few things that will survive the budget axe should the world plunge into recession, but it’s increasingly clear that we can’t simply spend our way to a secure future. Indeed, SLSA (Supply-chain Levels for Software…

Read more →

ARMO, developer of Kubescape, an open source security platform for Kubernetes, has added two new vulnerability scanning functions to the platform. Code repository scanning and container image registry scanning are the first fruits of an effort to cover more aspects…

Read more →

A zero-knowledge proof, also known as ZKP protocol, attempts to establish a fact between parties with a minimum amount of information exchange. In cryptography, it is intended to limit the transfer of information during authentication activities. ZKP’s originators explicitly studied the movement…

Read more →

Cloudflare is in the midst of a significant transformation, as it continues to build out the tools developers need to run their applications across a global network of edge locations. Recent moves put the 18-year-old internet security and performance company…

Read more →

I’ve addressed concerns with multicloud security many times before. Here’s the essence of what I and others assert: Multicloud complexity causes systemic security issues. That’s a fact. Today let’s talk about how we can mediate this complexity to deal with…

Read more →

The compromise of SolarWinds’ system management tool raised a lot of interesting issues for anyone using a CI/CD (continuous integration and continuous delivery) build process for their software. How can we ensure that the software we distribute to our users…

Read more →

The cloud-native security provider wants to help customers gain visibility into all of their containers, as well as uncover a growing array of threats across multicloud environments. This article has been indexed from InfoWorld Security Read the original article: CrowdStrike…

Read more →

Today, if you’re creating or working with cloud-native applications, you’re almost certainly working with Kubernetes. According to a recent CNCF report, 96% of organizations are either using or evaluating Kubernetes. Kubernetes already has 5.6 million users worldwide, representing 31% of…

Read more →

Who owns software supply chain security? Developers? Or the platform and security engineering teams supporting them? In the past, the CIO, CISO, or CTO and their security team would decide which Linux distribution, operating system, and infrastructure platform the company…

Read more →

Creating a secure application requires many safeguards, but by far the most important are those that secure the data in the application. These are also the most difficult to implement. When it comes to securing application data, there are two…

Read more →

Log4j was the bucket of cold water that woke up most developers to their software supply chain security problem.  We’ve spent decades in software building things and obsessing over our production environment. But we’re building on unpatched Jenkins boxes sitting…

Read more →

Log4j was the bucket of cold water that woke up most developers to their software supply chain security problem.  We’ve spent decades in software building things and obsessing over our production environment. But we’re building on unpatched Jenkins boxes sitting…

Read more →

In the software world, identity is the mapping of a person, place, or thing in a verifiable manner to a software resource. Whenever you interact with nearly anything on the internet, you are dealing with identities: Facebook identity Email address…

Read more →

Sysdig’s Drift Control detects and stops attempts to run packages or binary files that were added or modified at runtime. This article has been indexed from InfoWorld Security Read the original article: Sysdig Secure update adds ability to stop container…

Read more →

Talk about cloud security and you’re likely to discuss provider-focused issues: not enough security, not enough auditing, not enough planning. However, the biggest cloud security risks continue to be the people who walk beside you in the hallways. According to…

Read more →

Devops is primarily associated with the collaboration between developers and operations to improve the delivery and reliability of applications in production. The most common best practices aim to replace manual, error-prone procedures managed at the boundaries between dev and ops…

Read more →

The good news is that recession or no, security remains a somewhat uncuttable expense for CIOs, according to new data from Morgan Stanley Research. The bad news is that none of it will work if those same CIOs don’t patch…

Read more →

Have you ever heard the saying “Locking the door but leaving the window unlatched”? It means that your security is only as good as the weakest link. This applies to IT as well. How does legacy system security compare to…

Read more →

Many companies have rushed to implement continuous integration and continuous delivery (CI/CD) pipelines to streamline their software development workflows. Far fewer have taken the additional step to automate continuous deployment, a practice of using CI/CD pipelines to push changes into…

Read more →

This article has been indexed from InfoWorld Security Matt Raible is a well-known Java and JavaScript educator with several books to his credit and broad experience in the industry. He is currently developer advocate at Okta, where he focuses on…

Read more →

This article has been indexed from InfoWorld Security Security is a significant concern for Kubernetes and container-based development, according to Red Hat’s State of Kubernetes Security report for 2022. In fact, 93% of survey respondents experienced at least one security…

Read more →

This article has been indexed from InfoWorld Security The cloud native threat landscape is constantly evolving. Research from Aqua’s Team Nautilus in 2021 revealed higher levels of sophistication in attacks and an increase in volume of attacks targeting container infrastructure.…

Read more →

This article has been indexed from InfoWorld Security When I rejoined MongoDB in 2021, I got to hear all the old jokes rehashed. You know, about MongoDB being “web scale,” about losing data, about only being eventually consistent, and so…

Read more →

This article has been indexed from InfoWorld Security When I rejoined MongoDB in 2021, I got to hear all the old jokes rehashed. You know, about MongoDB being “web scale,” about losing data, about only being eventually consistent, and so…

Read more →

This article has been indexed from InfoWorld Security Aiming to help Rust developers discover and prevent security vulnerabilities, GitHub has made its suite of supply chain security features available for the fast-growing Rust language. These features include the GitHub Advisory…

Read more →

This article has been indexed from InfoWorld Security Keeping your application safe and secure is critical to a successful enterprise. Whether you use cloud-native application architectures or on-premises systems—or anything in between—it’s generally considered that splitting your infrastructure into security…

Read more →

This article has been indexed from InfoWorld Security Quantum computing continues to inhabit the nebulous space between practical application and theoretical speculation, but it is edging closer toward real-world use. One of the more interesting use cases for quantum computers is…

Read more →

This article has been indexed from InfoWorld Security As much as we might like to think otherwise, cloud-native applications are web applications. We may build services, but their APIs are often RESTful, and where we may have used various remote…

Read more →

This article has been indexed from InfoWorld Security New Google Cloud security services aim to strengthen open-source security, simplify zero-trust adoption, and improve cloud governance. Read the original article: Google Cloud launches services to bolster open-source security, simplify zero-trust rollouts

Read more →

This article has been indexed from InfoWorld Security Defined as a network of 3D virtual worlds focused on enhancing social connections through conventional personal computing and virtual reality and augmented reality headsets, the metaverse was once a fringe concept that…

Read more →

This article has been indexed from InfoWorld Security Here’s the good news. According to the Open Source Security Foundation (OpenSSF), it will cost less than $150 million to secure open source software. More good news, industry giants Amazon, Intel, Google, and…

Read more →

This article has been indexed from InfoWorld Security In order for cybersecurity professionals to gain the knowledge they need to thwart the hackers constantly targeting their cloud infrastructure and applications, they need to think like General George S. Patton (or…

Read more →

This article has been indexed from InfoWorld Security The software provider has also enhanced its underlying security and compliance mechanism Chef InSpec with new features. Read the original article: Progress launches Chef Cloud Security to extend DevSecOps to cloud-native assets

Read more →

This article has been indexed from InfoWorld Security The new CEO of the enterprise search software company Elastic has one priority: cloud. “Cloud is front and center,” he told InfoWorld during a recent interview. “That is really where you should…

Read more →

This article has been indexed from InfoWorld Security Cloud engineering and security teams need to ask some important questions about the security of their cloud environments, and they must go well beyond whether or not environments are passing compliance audits.…

Read more →

This article has been indexed from InfoWorld Security Preaching the mantra that “the web is for everyone,” Mozilla has published a vision for the evolution of the web that stresses openness and safety, with the company aiming to address shortfalls…

Read more →

This article has been indexed from InfoWorld Security Preaching the mantra that “the web is for everyone,” Mozilla has published a vision for the evolution of the web that stresses openness and safety, with the company aiming to address shortfalls…

Read more →

This article has been indexed from InfoWorld Security I was intrigued by an article I read the other day in CSO Online titled “4 security concerns for low-code and no-code development”. The premise of the article was, essentially, that enterprises…

Read more →

This article has been indexed from InfoWorld Security I was intrigued by an article I read the other day in CSO Online titled “4 security concerns for low-code and no-code development”. The premise of the article was, essentially, that enterprises…

Read more →

This article has been indexed from InfoWorld Security Infrastructure as code specialist Pulumi has tweaked its enterprise pricing tiers by launching a new premium Business Critical version, as it looks to support larger organizations as they modernize their infrastructure provisioning…

Read more →

This article has been indexed from InfoWorld Security Researchers at the Laboratory for Innovation Science at Harvard University (LISH) have published the most comprehensive census of free and open source (FOSS) software packages to date, with the aim of helping…

Read more →

This article has been indexed from InfoWorld Security VMware is entering the race to secure modern, cloud-native environments by adding container runtime protection to its Carbon Black Container security product, which it launched in April 2021. Defending cloud-native environments at…

Read more →

This article has been indexed from InfoWorld Security Want to know who has the most stressful job in the enterprise these days? It’s the CISO, or chief information security officer. This is typically a senior-level executive responsible for developing and implementing…

Read more →

This article has been indexed from InfoWorld Security Hot on the heels of Diffie-Hellman upending the cryptography applecart in 1976 came three more crypto newcomers that further revolutionized the field: Ron Rivest, Adi Shamir, and Leonard Adleman. The trio devised…

Read more →

This article has been indexed from InfoWorld Security Argo CD is a popular open source, continuous delivery (CD) platform for Kubernetes that is used by hundreds of organizations globally. Recently, a serious vulnerability in Argo CD was uncovered by Apiiro,…

Read more →

This article has been indexed from InfoWorld Security The popular NPM registry of JavaScript packages was described as a playground for malicious actors by software scanning services provider WhiteSource Software, which has published a report of its vulnerability analysis of…

Read more →

This article has been indexed from InfoWorld Security Outside the insurance industry, few people likely noticed that Lloyd’s of London “will no longer cover the fallout of cyberattacks exchanged between nation-states.” It would be easy to overlook, except that Lloyd’s is a…

Read more →

This article has been indexed from InfoWorld Security This point release arriving January 20, 2022, just days after Rust 1.58, fixes a race condition in the std::fs::remove_dir_all standard library function. This vulnerability is tracked at CVE-2022-21658 and there was an…

Read more →

This article has been indexed from InfoWorld Security Whitfield Diffie and Martin Hellman were outsiders in the field of cryptography when they devised a scheme hitherto unknown: The ability to establish secure communications over public channels between two parties that…

Read more →

This article has been indexed from InfoWorld Security In the wake of a recent incident that wreaked havoc on the NPM package registry, a new group of maintainers is reestablishing the Faker project, making it a community effort. The previous…

Read more →