VMware makes Workstation and Fusion free for everyone

November 11, 2024 at 06:05PM VMware has made its Fusion and Workstation desktop hypervisors free for all users, retiring the paid subscription model. Users retain full features, but support ticketing is discontinued. Broadcom plans ongoing development and updates. Current commercial contracts remain valid until expiration, ensuring continued service and support for those agreements.

Open Source Security Incidents Aren’t Going Away

November 11, 2024 at 10:11AM Open source software (OSS) plays a crucial role in technology, yet increasing reliance on it introduces significant security risks. Organizations benefiting from OSS must ensure robust security practices by investing in skilled engineers. Effective communication, proactive approaches, and continuous vigilance are essential. This need intensifies with the rise of open source AI.

How Developers Drive Security Professionals Crazy

November 8, 2024 at 10:35AM The integration of DevSecOps aims to balance development speed with security, addressing challenges such as security training, complex tools, and alert management. Successful implementation involves understanding risk portfolios, automating security testing, continuous monitoring, and simplifying developers' experiences, ultimately fostering collaboration for efficient, secure software delivery.

Malware Campaign Uses Ethereum Smart Contracts to Control npm Typosquat Packages

November 5, 2024 at 01:45AM A campaign targeting npm developers employs hundreds of typosquat packages to install cross-platform malware, using Ethereum smart contracts for command-and-control. This approach complicates detection and takedown efforts, highlighting vulnerabilities in the open-source ecosystem. The attacker may be Russian-speaking, emphasizing the need for developer vigilance when downloading packages.

Developer Velocity & Security: Can You Get Out of the Way in Time?

November 1, 2024 at 10:05AM CIOs are increasing software investments to enhance productivity, while CISOs face challenges in keeping up with rapid changes and integrating security into development processes. To improve collaboration, security must be embedded in developers' workflows, allowing for faster output without hindering productivity, thus promoting a secure-by-design methodology that addresses risks effectively.

LottieFiles Issues Warning About Compromised “lottie-player” npm Package

October 31, 2024 at 10:39AM LottieFiles announced that its npm package "lottie-player" was compromised in a supply chain attack, leading to unauthorized, malicious versions that prompted users to connect cryptocurrency wallets. Users of versions 2.0.5, 2.0.6, and 2.0.7 should update to 2.0.8. The company is investigating with an external team.

‘Shift Left’ Gets Pushback, Triggers Security Soul Searching

October 25, 2024 at 07:17AM The Cybersecurity and Infrastructure Security Agency (CISA) questions the claim that fixing software vulnerabilities is 100 times more expensive during production. Agile development may lessen this cost, suggesting that shifting security responsibilities to developers, while important, needs a balanced approach. The emphasis should be on integrating security throughout the development process.

Codasip Donates Tools to Develop Memory-Safe Chips

October 24, 2024 at 08:17AM Codasip donated its RISC-V software development kit to the CHERI Alliance to enhance chip memory safety for developers. The SDK includes essential tools such as a C/C++ compiler, emulator, and build system, aiming to facilitate CHERI technology adoption in securing hardware memory against vulnerabilities like buffer overflows.

Bitwarden’s FOSS halo slips as new SDK requirement locks down freedoms

October 24, 2024 at 07:39AM Bitwarden's new build requirements have raised concerns about its status as free and open-source software (FOSS). A recent GitHub discussion highlighted that the SDK needed for compilation is not free, prompting comparisons to other companies that have shifted away from open-source principles. Alternatives exist but may require more user management.

Socket Raises $40 Million for Supply Chain Security Tech

October 23, 2024 at 09:50AM Socket has secured $40 million in Series B funding to advance its development of open source software supply chain security technology.