Infosec products of the month: March 2024

Here’s a look at the most interesting products from the past month, featuring releases from: Appdome, AuditBoard, Bedrock Security, Cado Security, Check Point, CyberArk, Cynerio, DataDome, Delinea, Drata, Exabeam, GitGuardian, GitHub, GlobalSign, Legat…

New infosec products of the week: March 22, 2024

Here’s a look at the most interesting products from the past week, featuring releases from Appdome, Drata, GlobalSign, Ordr, Portnox, Sonatype, Tufin, and Zoom. GlobalSign PKIaaS Connector enhances ServiceNow certificate lifecycle management With the u…

Sonatype SBOM Manager identifies and mitigates vulnerabilities within the software supply chain

Working with the world’s largest enterprises and global policymakers to address the complexities of optimizing your software supply chain with SBOMs (Software Bill of Materials), Sonatype announced SBOM Manager. This solution provides an integrated app…

Be prepared to patch high-severity vulnerability in curl and libcurl

Details about two vulnerabilities (CVE-2023-38545, CVE-2023-38546) in curl, a foundational and widely used open-source software for data transfer via URLs, are to be released on Wednesday, October 11. Daniel Stenberg, the original author and lead devel…

The root cause of open-source risk

2023 saw twice as many software supply chain attacks as 2019-2022 combined. Sonatype logged 245,032 malicious packages in 2023. One in eight open-source downloads today poses known and avoidable risks. Vulnerabilities can still be prevented Nearly all …

GenAI in software surges despite risks

In this Help Net Security video, Ilkka Turunen, Field CTO at Sonatype, discusses how generative AI influences and impacts software engineers’ work and the software development lifecycle. According to a recent Sonatype survey of 800 developers (De…

Generative AI lures DevOps and SecOps into risky territory

Application security leaders are more optimistic than developer leaders on generative AI, though both agree it will lead to more pervasive security vulnerabilities in software development, according to Sonatype. According to the surveyed DevOps and Sec…

Open-source security challenges and complexities

Open source refers to software or technology that is made available to the public with its source code openly accessible, editable, and distributable. In other words, the source code contains the underlying programming instructions and is freely availa…

Highlights from the New U.S. Cybersecurity Strategy

The Biden administration today issued its vision for beefing up the nation’s collective cybersecurity posture, including calls for legislation establishing liability for software products and services that are sold with little regard for security. The White House’s new national cybersecurity strategy also envisions a more active role by cloud providers and the U.S. military in disrupting cybercriminal infrastructure, and names China as the single biggest cyber threat to U.S. interests.