IT Security
Codenotary Previews Secure SBOM Creation Service
Codenotary today made available a preview of a centralized repository service for generating and storing software bills of materials (SBOMs) that makes it simpler to securely share them as necessary. Moshe Bar, ...
Report: Most IT Teams Can’t Fix Open Source Software Security
Mike Vizard | | dependencies, Lineaje, open source, Open Source Security Foundation, software securityLineaje, a provider of a platform for securing software supply chains, today published an analysis of 41,989 open source components embedded in the top 44 popular projects managed by the Apache Software ...
Mobb Launches Community Edition of Automated Remediation Tool
Mobb today made available a free community edition of a namesake tool that creates fixes to open source vulnerabilities. The fixes are based on the results of code scanning by a static ...
Endor Labs Taps ChatGPT to Identify Secure Open Source Software
Endor Labs has launched DroidGPT, an extension of its software for assessing risks in open source code. DroidGPT integrates the ChatGPT generative artificial intelligence (AI) platform to make it simpler to discover ...
Five Great DevOps Job Opportunities
DevOps.com is now providing a weekly DevOps jobs report through which opportunities for DevOps professionals will be highlighted to better serve our audience. Our goal in these challenging economic times is to ...
Synopsys Preps Extensions to Polaris SaaS Platform
Synopsys plans to extend the capabilities of its Polaris Software Integrity Platform for securing application development environments by adding dynamic application security testing (DAST) tools along with the ability to scan code ...
A Seven Point Checklist for Getting SAST Right
Mark Hermeling | | code security, product security, SAST, software quality, Static Application Security TestingWith so many physical products—from automobiles to airplanes and medical devices to industrial control systems—now being driven by software, product security has become a top-level concern for manufacturers. Software flaws can not ...
Software Supply Chain Risk Management: A 2023 Guide
Software supply chain risk management (SSCRM) refers to the process of identifying, assessing and mitigating risks associated with third-party software components and services that are integrated into software products. SSCRM involves understanding ...
Awareness of Software Supply Chain Security Issues Improves
Mike Vizard | | best practices, CI/CD, devsecops, security, Software Supply Chain, supply chain securityA global survey of 167 software professionals suggested that, while there is a lot more awareness of application security issues, the adoption of DevSecOps best practices is still not pervasive. The survey, ...
Five Great DevOps Job Opportunities
DevOps.com is now providing a weekly DevOps jobs report through which opportunities for DevOps professionals will be highlighted to better serve our audience. Our goal in these challenging economic times is to ...
ReversingLabs Adds Ability to Detect Secrets in Application Binaries
ReversingLabs today announced it added an ability to detect secrets exposed in application binaries to its Software Supply Chain Security (SSCS) platform. Tomislav Peričin, chief software architect for ReversingLabs, said this addition ...
GitGuardian: 10M Exposed Secrets on GitHub
Mike Vizard | | GitGuardian, github, Secrets, secrets management, secure code, Software Supply ChainGitGuardian published an analysis of more than one billion commits to GitHub repositories that found 10 million occurrences of secrets, with one out of 10 developers exposing a secret. Mackenzie Jackson, a ...
