In a key step to resolve the longstanding tension between developers and security teams, Rezilion and GitLab are partnering on an important integration to address those needs. This integration helps developers detect and remediate vulnerabilities early in development, without adding extra work or steps, and release products quickly and securely. Deployed in minutes, Rezilion’s DevSecOps platform is now natively integrated with GitLab CI.
DevSecOps is a key component in companies’ efforts to build strong security into the software products they create. The methodology brings together security and development teams in a joint mission to deliver high-quality, reliable and secure software.
Log4j continues to be a thorn in the side of security leaders, who have spent the last several months battling the recently discovered flaw in Apache’s Log4j software. In a recent webinar, Yotam Perkal, director of vulnerability research at Rezilion, said the implications of the bug are far-reaching and will likely be exploited for years to come. Apache Log4j is an open source Java logging library used in millions of Java applications worldwide.
The serious new Linux kernel vulnerability, dubbed ‘Dirty Pipe’ for its similarity to the 2016 high-severity, easy-to-exploit DirtyCow vulnerability, was originally disclosed on March 7th by Max Kellermann. Kellermann found the bug accidentally while researching corrupted log files on a log server.
Software Bills of Materials, or SBOMs, are gaining momentum because they really do make a difference when it comes to enhancing the security and reliability of software. Here are three reasons why organizations need to jump on the SBOM train now.
A Software Bill of Materials (SBOM) is a list of ingredients that make up software components. This includes code updates, vulnerability patches, new features, and any other modifications. An SBOM is useful in tracking the history of software products and their components. But SBOMs are static, and changes frequently need to be made, which can be labor-intensive and costly for organizations.
The recent invasion of Russian troops into Ukrainian territory was preceded by a blitz of cyberattacks targeting banking systems, government websites, and critical infrastructure. The cyberattacks started long before Russian troops began to descend on Ukraine’s borders. Cyberattacks date back to 2015, when the Russian intelligence organization, the GRU, targeted Ukraine’s industrial control systems networks with malware.