Security News
What excites a security professional is not exciting for developers because, at the end of the day, a developer needs to build, not to break. While it can be fun to find and exploit a security vulnerability, this should not be the goal of secure coding training.
The US Department of Justice claims it's arrested a member of a gang that deployed the Trickbot ransomware. A heavily-redacted indictment names Vladimir Dunaev as a developer of the malware, and alleges he was "a Malware Developer for the Trickbot Group, overseeing the creation of internet browser injection, machine identification, and data harvesting codes used by the Trickbot malware".
Rapyd published a report conducted by 451 Research, to assess the market dynamics of fintech developers around the world. Key findings in the report include a growing demand for fintech developers to create payment applications and building in-house tools as well as general job dissatisfaction.
AppSec teams were disliked by most developers because they would often send completed applications back into development to apply security patches or to rewrite code to remediate vulnerabilities. The companies of today want the security offered by DevSecOps sadly, have been slow to reward developers who answer that call.
The SOS program, run by the Linux Foundation, will reward developers with potentially more than $10,000 for enhancing the security of critical open source software. As part of Google's recently announced $10 billion commitment to cybersecurity defense, the company announced Friday the sponsorship for the Secure Open Source Rewards pilot program run by the Linux Foundation.
Chris Wysopal shared a history lesson about the evolution of application security and advice on how to make all apps more secure. Wysopal, who is Veracode's CTO and co-founder shared a short history of his time as an application security researcher, from his time with The L0ft hacker collective to testifying in front of Congress to doing security consulting with Microsoft in the early 2000s.
An alleged Russian developer for the notorious TrickBot malware gang was arrested in South Korea after attempting to leave the country. The TrickBot cybercrime group is responsible for a variety of sophisticated malware targeting Windows and Linux devices to gain access to victim's networks, steal data, and deploy other malware, such as ransomware.
Identity and access management is pushing application security past single-factor authentication and even multi-factor authentication to a risk management model says Ping Identity CEO. Identity and access management systems are making it easier for software developers to secure their applications, for employees and customers to access the tools and services they need and for companies to protect their systems and data. On a recent episode of Dynamic Developer , I spoke with Andre Durand, Founder and CEO of Ping Identity about how the changing landscape of identity and access management are affecting software development.
Elliptic Labs has announced that it certified the operation of its AI Virtual Smart Sensor Platform with the MAX98396 smart audio amplifier from Maxim Integrated Products. Elliptic Labs and Maxim Integrated are targeting next-generation smart devices to run critical and innovative user experiences, like presence detection and 3D touchless gesture sensing, on Maxim Integrated's audio amplifier technology.
ShiftLeft announced general availability of ShiftLeft Educate, a solution that delivers highly-effective security training for developers within the developer workflow. Designed in partnership with Application Security Training platform Kontra, ShiftLeft Educate provides consistent and contextual training for developers of different skill levels, enabling them to quickly learn security best practices and fixes for issues currently in their code.