Security News
GitLab on how DevSecOps can help developers provide security from end-to-end. TechRepublic's Karen Roby spoke with Jonathan Hunt, VP of security for GitLab, about the security challenges companies face today and how the concept and practice of DevSecOps can help developers build end-to-end security into their applications.
The interesting part about where IBM is actually headed is, security and what we actually do in security is about protecting the surface area. When you look at Snyk and Snyk's kind of whole ethos is to say, "Well, that's the core. That's the heart. You have to be developer-first." And the meaning of that, one of my favorite things to do is to talk to a chief security officer and say, "Yes, you're kind of here to sort of help secure the organization and you are the one likely to sign the check, but you're not the most important user of the product." Because the most important user of the product, the biggest risk we both face is the developers don't actually pick it up.
Interest in specific topics within cybersecurity grew significantly. Between last year's high-profile incidents involving ransomware, supply chain attacks, the exploitation of critical systems vulnerabilities and the new focus on cryptocurrency theft, it's likely that interest in cybersecurity topics will continue to climb in 2022 and beyond.
Understandably, security teams are recalibrating and sorting out where more security investments are needed in the new year. The software development community is responding to these developments and recognizes that approaching security as an afterthought encourages attacks and their resulting damages.
If you were a user of either of those projects, and if you are inclined to accept any and all updates to your source code automatically without any sort of code review or testing. We've written about security holes suddenly showing up in numerous coding communities, including PHP programmers, Pythonistas, Ruby users, and NPM fans.
"The findings confirm our belief that security teams must make improving their relationship with developers a major priority in 2022," said Harshil Parikh, CEO of Tromzo. "They can do this by making security easy for developers. This means integrating security checks into the SDLC and transitioning from security gates to security guardrails so security can become a first-class citizen once and for all."
The humble PC continues to bring home the bacon for Dell, with shipments to corporate customers going through the roof, in spite of previous worries about shortages and price hikes. Things are less rosy at HP, which has been caught out by the recent collapse in Chromebook orders.
While mostly hidden in private conversations, details sometimes emerge about the parallel economy of vulnerability exploits on underground forums, revealing just how fat of a wallet some threat actors have. If it takes too long, developers may lose the chance to make big money because competitors may come up with an exploit variant, dragging down the price.
What excites a security professional is not exciting for developers because, at the end of the day, a developer needs to build, not to break. While it can be fun to find and exploit a security vulnerability, this should not be the goal of secure coding training.
The US Department of Justice claims it's arrested a member of a gang that deployed the Trickbot ransomware. A heavily-redacted indictment names Vladimir Dunaev as a developer of the malware, and alleges he was "a Malware Developer for the Trickbot Group, overseeing the creation of internet browser injection, machine identification, and data harvesting codes used by the Trickbot malware".