Software Security Firm RunSafe Raises $12 Million in Series B Funding

September 17, 2024 at 10:21AM RunSafe Security secured $12 million in Series B funding led by Critical Ventures and SineWave Venture Partners, with participation from several notable investors, bringing its total raised funds to $26.4 million. The McLean-based company plans to use the investment to expand its market in EMEA and APAC and improve its …

White House Pledges $10 Million for Open Source Initiative

August 16, 2024 at 06:54AM The federal government is investing $11 million in the Open-Source Software Prevalence Initiative (OSSPI) to understand and enhance the security of open-source software used in critical infrastructure. National Cyber Director Harry Coker announced the initiative, aiming to strengthen national cybersecurity and collaborate with the cybersecurity community. The initiative aligns with …

7 Sessions Not to Miss at Black Hat USA 2024

July 29, 2024 at 10:06AM Black Hat USA 2024 offers valuable insights for cybersecurity professionals. Despite the AI trend, vulnerability remediation remains a key focus. Sessions cover Amazon Web Services vulnerabilities, Microsoft’s use of large language models, CI/CD runner security risks, Google Cloud Platform vulnerabilities, and more. The lineup emphasizes the need for a proactive security culture and …

What is DevSecOps and Why is it Essential for Secure Software Delivery?

June 17, 2024 at 07:39AM Traditional application security practices are inadequate for modern DevOps, leading to costly vulnerabilities and compliance risks. DevSecOps integrates security into the entire software lifecycle, aiming to “shift security left” to catch vulnerabilities early. Successful implementation requires a culture of shared responsibility, collaboration, and early integration of security practices. For more, …

Five Core Tenets Of Highly Effective DevSecOps Practices

May 21, 2024 at 08:06AM The text discusses the challenge of making modern applications more secure without disrupting the high-velocity DevOps processes. It emphasizes the critical importance of building and running a DevSecOps practice, highlighting five guiding principles: establishing a security-minded culture, shifting security left, maintaining governance and guardrails, securing the software supply chain, and …

Wyden Releases Draft Legislation to End Federal Dependence on Insecure, Proprietary Software

April 8, 2024 at 04:47PM Senator Ron Wyden introduced draft legislation to set mandatory cybersecurity standards, improve government collaboration technology, and break the monopolizing effect of proprietary software. The bill aims to enhance government communications security, promote interoperability, and prevent vendor lock-in. It requires the use of end-to-end encryption and outlines various cybersecurity and procurement …

Uncle Sam’s had it up to here with ‘unforgivable’ SQL injection flaws

March 26, 2024 at 12:52PM The FBI and CISA issued a warning to software vendors about the prevalence of SQL injection vulnerabilities. They emphasized the need for formal code reviews and secure-by-design programming practices to eradicate these vulnerabilities from the development process. They also urged vendors to use parameterized queries and be transparent in disclosing …

8 Strategies for Enhancing Code Signing Security

March 22, 2024 at 10:04AM Strong code-signing best practices are crucial for establishing trust in the development process and enhancing the security of the software supply chain. Full …

NRC Issues Recommendations for Better Network, Software Security

January 26, 2024 at 09:38PM The Network Resilience Coalition advocates for improving network security by addressing outdated and improperly configured hardware and software. The NRC comprises major industry players and aligns with government cybersecurity initiatives. It urges IT vendors to adhere to modernized cybersecurity standards and implement secure software development practices. Immediate action and adherence …

Three Ways To Supercharge Your Software Supply Chain Security

January 4, 2024 at 08:12AM The “Executive Order on Improving the Nation’s Cybersecurity” emphasizes securing the “Software Supply Chain.” The article provides three ways to enhance security: safeguarding secrets, using software composition analysis for transparency, and integrating ethical hacking. Strengthening Software Supply Chain Security is crucial for smooth software sales and overall resilience in the …