The cloud-native development model entered the mainstream in recent years, with technologies such as microservices and serverless computing, containers, APIs, and infrastructure-as-code (IaC) at the forefront of this trend. Thanks to these emerging technologies, organizations can build and run their apps fast, in a distributed manner, and without reliance on physical hardware infrastructures.

If software is an important part of your business and you need to comply with license terms and protect against security vulnerabilities, you need to know and track what is inside your software. Lists of software components and dependencies are typically referred to as Software Bills of Materials (SBOMs).

The digital realm is an ever-expanding universe, and web applications serve as the gateway to valuable customer data, sensitive information, and financial transactions. Threat actors and cybercriminals are constantly devising new techniques to exploit vulnerabilities within these applications. Further, data privacy is a paramount concern, and organizations are entrusted with safeguarding information.

An interesting data point in the recently released Synopsys “Global State of DevSecOps 2023” report is the growing use of application security orchestration and correlation (ASOC), now more commonly referred to as application security posture management (ASPM).

In the fast-paced world of technology business, mergers and acquisitions (M&As) have become commonplace. Companies often seek growth, innovation, and market expansion through these strategic moves. However, amidst the excitement of potential synergies and increased market share, there is a lurking danger that can significantly impact the success of an M&A deal: technical debt.

As referenced in our previous post, the software development world has been bracing for additional details regarding two vulnerabilities associated with cURL, one of which was assessed as critical by the maintainer and original creator of the project. The wait ended this morning, as a fixed version was released and details about the vulnerabilities were provided.

Aimed at examining the strategies, tools, and practices impacting software security, the just-released “Global State of DevSecOps 2023” report from Synopsys, is based on a survey conducted by Censuswide polling more than 1,000 IT professionals across the world. The following is a deep dive into key report findings.

The maintainer and original author of curl, Daniel Stenberg, has taken to X (formerly Twitter) and LinkedIn to sound the alarm on what he refers to as “probably the worst security problem found in curl in a long time.” According to project maintainers, the fixed version, 8.4.0, is set to be released on Wednesday, October 11.

OpenNMS is a Java language open source network monitoring platform. The OpenNMS platform monitors some of the largest networks in the Fortune 500, covering the healthcare, technology, energy, finance, government, education, retail, and industrial sectors, many with tens of thousands of networked devices.