Security News

Engineering teams need a leader, a Developer Experience Engineer, who ensures developers have the right tools, processes, and environment to maximize productivity and create the greatest business value possible. The role of the Developer Experience Engineer becomes ever more important to create efficiencies and shared practices between ambitious and energized teams.

To help achieve progress on Zero Trust, there is now a new, easy way to implement continuous user verification by connecting directly to the authentication systems used by mobile operators - without the overhead of processing or storing user data. The Zero Trust model of identity verification essentially means never trusting that a returning user is whom they claim to be, regardless of their location or previous successful attempts.

Contrast Security announced its integration with Secure Code Warrior to deliver just-in-time security contextual micro-learning modules to enhance developers' skills to easily fix vulnerabilities without the need of a security team. Recognizing that traditional security training models simply do not scale and provide developers with the just-in-time training demanded by modern software development life cycle, Contrast and Secure Code Warrior have partnered for just-in-time approach that empowers developers to develop secure coding skills while they write and release code.

LoginID announced additional SDK options for developers. These SDKs empower developers to integrate FIDO strong authentication into their websites or apps.

Google on Monday announced new security measures for developer accounts on Google Play, meant to ensure that each account is created by a real person. Google Play, which provides access to millions of Android applications and games, has been abused by threat actors for the distribution of malware, and Google is looking for new ways to strengthen the security of both developers and users.

SMS alone may not be secure, but mobile phone numbers tethered to a SIM card are: they're a unique pairing that is difficult to tamper with or copy. It is now possible to prevent fraud and fake accounts while seamlessly verifying mobile users using the most cryptographically secure identifier they already have - the SIM card embedded in their mobile devices.

Google on Monday announced new measures for the Play Store, including requiring developer accounts to turn on 2-Step Verification, provide an address, and verify their contact details later this year. The new identification and two-factor authentication requirements are a step towards strengthening account security and ensuring a safe and secure app marketplace, Google Play Trust and Safety team said.

Amazon Web Services announced the AWS BugBust Challenge, a global competition for developers to collectively eliminate one million software bugs. With just a few clicks, developers from around the world can join the challenge by creating an AWS BugBust event for their organization in the Amazon CodeGuru console-and compete for prizes and prestige by identifying and fixing bugs in their applications.

Most developers never update third-party libraries after including them in their software, a new report from application security company Veracode reveals. Compiled in partnership with the Cyentia Institute, Veracode's latest State of Software Security report focuses on open source software and the manner in which developers approach the security of third-party libraries they use.

Microsoft has announced an additional Windows developer event for June 24th that will likely reveal new programming API or Microsoft Store changes. Earlier this month, Microsoft announced that they would be holding a special Windows event on June 24th at 11 AM EST to unveil their next generation of Windows.