Life sciences companies increasingly rely on cloud computing environments to accelerate research. The cloud provides cost effective compute power, more efficient data processing, access to files and applications from anywhere, and advanced analytics tools to gain insights from data and manage it. But when a majority of that research is done by external contract research organizations (CROs) or in time zones on the other side of the world, that speed advantage can grind to a halt.
A new day, a new wave of S3 leaks… Cloud misconfigurations continue to be a major concern for organizations and a constant source of data leaks. A recent report by IBM has revealed that misconfigurations are behind two-thirds of cloud security incidents.
I am often asked what has changed and what will need to change most about cybersecurity in the next few years, especially as we come out the other side of a global pandemic that upended all kinds of plans. But let’s start by level-setting: the grand strategy for security—protect data—hasn’t changed. It’s the tactics that have changed, and more importantly, must continue to change.
I’m excited to share that Snyk has joined the Linux Foundation’s expanded support of the Open Source Security Foundation (OpenSSF) as a premier member alongside Microsoft, Google, Cisco, Facebook, Intel, VMware, Red Hat, Oracle, and others. As Snyk’s mission is to enable developers to develop fast while staying secure, we believe that this cross-industry collaboration is critical to the future of software development and improving the security of open source.
Solvo is empowering developers and DevOps engineers by enabling them to run their cloud infrastructure with least privilege access, at speed and scale. In this article, we’ll go through a workflow combining Solvo’s automatic platform with Snyk Infrastructure as Code (Snyk IaC) to create customized and secured access from a Lambda function to an AWS S3 bucket. This blog was originally posted on the Solvo website.
Securing investors is always a challenge for startups. But for open-source companies, it’s even harder. Open-source companies need the right investors to innovate and enter new markets. But when you deal with a specific subset like open source, it can be difficult to find VCs with the required experience and knowledge. Those of us in the open-source community know it’s not just about the money — it’s also about continuing to grow the community.
SSL Pinning is a technique that we use on the client-side to avoid a man-in-the-middle attack by validating the server certificates. The developers embed (or pin) a list of trustful certificates to the client application during development, and use them to compare against the server certificates during runtime. If there is a mismatch between the server and the local copy of certificates, the connection will simply be disrupted, and no further user data will be even sent to that server.
Open source intelligence (OSINT) is the process of identifying, harvesting, processing, analyzing, and reporting data obtained from publicly available sources for intelligence purposes. Open source intelligence analysts use specialized methods to explore the diverse landscape of open source intelligence and pinpoint any data that meets their objectives. OSINT analysts regularly discover information that is not broadly known to be accessible to the public.
