Applications are usually considered battle tested if they've been around a while and work as expected in most known situations. In software, we want the binary releases we make to have this level of confidence. The problem is, when you’re building something new how can you make up for the time and active user advantage of established software? In this article we’ll look at the early stage of our battle-testing process and how it influenced our future testing.
Bearer is extremely proud to announce the formation of the Bearer Board of Advisors, a group of some of the world’s most respected cybersecurity professionals, including several industry-leading CISOs and CTOs. All of our advisors have made major impacts in cybersecurity for their companies, and for the industry at large.
Today, we're pleased to announce a new approach to help teams manage application code security at scale supercharged with deep sensitive data context, and ship trustworthy products faster.
Bearer CLI's CI/CD integration with GitLab is a great way to add security scanning to your projects. We've taken things a step further and now support GitLab's SAST security scanner integration directly in GitLab CI for GitLab Ultimate users. This feature is available in Bearer CLI v1.9.0 and later. See our upgrade guide for your platform. Let’s dive into how it works.
As part of Bearer CLI v1.9.0 release, we're thrilled to offer improved code scanning integration with GitHub for our open-source security scan. In this article, we'll briefly go over the format that makes this possible, how it works, and how you can start using it today.
DevSecOps is all about better integrating security into the software development life cycle (SDLC). When combined with the desire to automate repetitive tasks, the inevitable conclusion is to put any repeatable testing tool into your app’s build pipeline. For any tooling that involves code analysis, it makes sense to sync up with existing testing workflows. That’s where CI comes in.
Ruby on Rails is one of the most loved combinations in tech. It’s a language and framework that’s accessible to people of varying skill sets and experience. Its maturity and widespread adoption shows with how much the core team and community care about security. Each release improves the framework's hardiness, but there's still so much we can do as developers to protect our applications.
It is clear a new technology is taking hold when it becomes impossible to avoid hearing about it. That’s the case with generative AI. Large language models (LLMs) like OpenAI’s GPT-4 and the more approachable ChatGPT are making waves the world over. Generative AI is exciting, and it’s causing a real fear of missing out for tech companies as they try to match competitors.
In 2013, hackers breached an HVAC provider’s network, giving them access to 40 million credit and debit card numbers from their biggest client: Target. It took years to repair the damage. Relying on third-party vendors is necessary but still presents a cybersecurity risk. How will the companies handle your clients’ data? How vulnerable are they to being hacked?
On March 7, 2023, Loom experienced a security incident caused by a settings change in their CDN. Even with extensive internal testing, the nature of the problem caused it to go unnoticed until the change landed in production. Their incident report is a great explanation of the issue itself, so I won't reiterate much of it here, but what I will look at is a related issue, and how static code analysis tools integrated into development pipelines could have prevented the issue.
