A few months ago, the National Institute of Standards and Technology (NIST) released a draft framework for ransomware risk management. But it's not the only publication on such threats, as the institute has also produced a guide recently on how MSPs should protect data from ransomware and other data loss events.
DevSecOps stands for Development, Security and Operations. This is a practice aimed to automate or design security integration throughout the software development lifecycle or workflow. Nowadays, collaborative frameworks and projects that share security protocols from end to end are really common, so DevSecOps practices attempt to emphasize building infrastructure with a strong security foundation and stable automation workflow and phases. Watch the video below to learn more about Securing DevSecOps.
Naval Information Warfare Systems Command (NAVWAR) enterprise recently announced that Splunk is the winner of its third prize challenge in the Artificial Intelligence Applications to Autonomous Cybersecurity (AI ATAC) Challenge series.
The JFrog Security research team continuously monitors popular open source software (OSS) repositories with our automated tooling to report vulnerable and malicious packages to repository maintainers. Earlier this year we disclosed several malicious packages targeting developers’ private data that were downloaded approximately 30K times.
We’re pleased to announce improved support for.NET applications in Snyk Open Source, allowing developers to fix vulnerabilities in.NET dependencies with the help of actionable advice and automated pull requests! As of the time of writing, NuGet, the Microsoft-supported and de-facto standard package manager for.NET, has 276,266 unique packages, downloaded on average more than a billion times a week!
Among its evangelists and advocates, DevOps is about the cultural shift from traditional silo groups to the integration of a DevOps team. DevOps teams speak about change, feedback, inclusiveness, and collaboration. The goal is to bring everyone who has a seat at the table onto a common platform to work together and deliver changes to business systems safely and securely. Companies that choose to go through digital transformation use DevOps as their platform to deliver software at speed and scale.
Earlier this month, a group of researchers at the University of Cambridge published an academic paper, with an accompanying website, on a new type of potential vulnerability that could appear in source code. They called it Trojan Source.
On July 19, 2021, The Board of Governors for the Federal Reserve System (Board), the Federal Deposit Insurance Corporation (FDIC), and the Office of the Comptroller of the Currency (OCC) released their proposed interagency guidance around third-party risk management. SecurityScorecard submitted comments in response to the proposal urging the agencies to include the adoption of security ratings to mitigate the cyber risk to financial institutions introduced by third-party vendors and suppliers.
Supply chain logistics have been the backbone of global trade for hundreds of years. Extending the same concept, with the added digital components gives birth to supply chain cyber security risks. Supply chain cyber security is a topic that has come into the limelight for the last couple of years.
