ShiftLeft announces code-informed runtime protection for Microsoft’s .Net Framework

ShiftLeft announced the general availability of its security-as-a-service platform for Microsoft’s .Net Framework. .Net developers can now leverage the commercial source code analysis solution with an OWASP Benchmark Score of 75 percent to create custo…

Open sourcing release plugin `sbt-ci-release-early`

Today we’re happy to announce another open source project: sbt-ci-release-early. It’s an sbt plugin that takes care of automatically releasing your projects including git tags, and supports both your in-house setup (e.g. jenkins/artifactory…

Beating the OWASP Benchmark

Tl;dr: Today, we present the results of evaluating ShiftLeft’s static analysis pipeline on the OWASP benchmark, where we achieve a true positive rate of 100% at 25% false positives. With a resulting Youden Index of 75%, this makes our analysis th…

ShiftLeft demonstrates application protection in the first test of its kind

ShiftLeft announced the public real-world benchmark of its application security solution. The test measured ShiftLeft’s ability to protect an application against exploit attempts made by some white-hat hackers. Cobalt.io performed the penetration te…

The Need for Real-World Runtime Protection Benchmarking

First-principles thinking is one of the best ways to reverse-engineer complicated problems and unleash creative possibility. Sometimes called “reasoning from first principles,” the idea is to break down complicated problems into basic eleme…

Introducing Gaum: An Open Source O/RM That isn’t an O/RM

At ShiftLeft we’re firm believers in the value of open source software. We leverage too many libraries to count, which massively scales our feature velocity and reliability. We also believe in contributing back when and where we can, so it is my plea…

Deserialization Vulnerability Confirmed in Nexmo 3.4.0 SDK

Nexmo has confirmed that their 3.4.0 SDK contained the Jackson-databind vulnerability that we announced earlier this week as widespread amongst SaaS SDKs.
The deserialization vulnerability can be escalated into remote code execution (RCE) by tr…