Bandwidth pricing is a major component of the cloud services model. And for a content-heavy service like a video or document store, egress costs can quickly spiral out of control. To mitigate this, it is important to put limits on the amount of data that can be downloaded in a given interval. However, bandwidth limiting for a multi-tenant SaaS product adds a few interesting challenges.
We are thrilled to welcome the team at CloudSkiff to Snyk! Many of you may be more familiar with driftctl, the open source project started by the CloudSkiff team. I wanted to share with you why we’re excited about the addition of this fantastic group of people to Snyk, and our plans for the future of Snyk Infrastructure as Code (Snyk IaC), as well as our commitment to keeping driftctl open source.
A few hours ago, an npm package with more than 7 million weekly downloads was compromised. It appears an ATO (account takeover) occurred in which the author’s account was hijacked either due to a password leakage or a brute force attempt (GitHub discussion).
I’m excited to share that Snyk has joined the Linux Foundation’s expanded support of the Open Source Security Foundation (OpenSSF) as a premier member alongside Microsoft, Google, Cisco, Facebook, Intel, VMware, Red Hat, Oracle, and others. As Snyk’s mission is to enable developers to develop fast while staying secure, we believe that this cross-industry collaboration is critical to the future of software development and improving the security of open source.
Securing investors is always a challenge for startups. But for open-source companies, it’s even harder. Open-source companies need the right investors to innovate and enter new markets. But when you deal with a specific subset like open source, it can be difficult to find VCs with the required experience and knowledge. Those of us in the open-source community know it’s not just about the money — it’s also about continuing to grow the community.
Open source intelligence (OSINT) is the process of identifying, harvesting, processing, analyzing, and reporting data obtained from publicly available sources for intelligence purposes. Open source intelligence analysts use specialized methods to explore the diverse landscape of open source intelligence and pinpoint any data that meets their objectives. OSINT analysts regularly discover information that is not broadly known to be accessible to the public.
In an effort to secure the software supply chain, Black Duck SBOM export capabilities now comply with the NIST standards in Executive Order 14028.
Banking has changed. In the past, financial institutions outsourced their technology. They had large consulting firms creating, managing, and maintaining their back-end systems. Although banks would have knowledge of the systems in place, they wouldn’t be running them on a day-to-day basis. That was the consultants’ responsibility. Recent years have seen a significant shift in the financial sector.
