Security News
When speed is everything, developers are often reluctant to prioritize security - so how do you make DevSecOps stick with developers? Developers are the key to DevSecOps success and as a result, their approach to security must be consistent.
A new survey of the free and open-source software community conducted by the Linux Foundation suggests that contributors spend less than 3% of their time on security issues and have little desire to increase this. A report based on the answers of nearly 1,200 FOSS contributors carried out by the Linux Foundation and Laboratory for Innovation Science at Harvard highlighted a "clear need" for developers to dedicate more time to the security of FOSS projects as businesses and economies become increasingly reliant on open-source software.
Spamhaus Technology releases its Intelligence API. This is the first time Spamhaus has released its extensive threat intelligence via API, providing enriched data relating to IP addresses exhibiting compromised behaviour. Available free of charge, developers can readily access enhanced data that catalogues IP addresses compromised by malware, worms, Trojan infections, devices controlled by botnets, and third-party exploits, such as open proxies.
The problem is, developers haven't had the most inspiring introduction to security training over the years, and anything that can be done to make their experience more engaging, productive, and fun is going to be a powerful motivator in helping them gain valuable secure coding skills. In a blog post from November 28, 2019, security research group Wisdom reported on a security bug they discovered on GitHub.
Scorecards provides an assessment of open-source packages, which developers can use to judge whether they are safe to introduce into their projects or systems. Introducing unknown code into software can be risky, which is why Google is introducing a new scorecard system to help developers assess the risk of open-source dependencies before introducing them to their systems.
Ubiq Security unveils API-based encryption platform for developers, reducing encryption complexities
Ubiq Security announced the launch of its API-based encryption platform for developers. Ubiq has eliminated the traditional complexities of encryption, allowing developers and information security teams - even those without encryption or cryptography expertise - to integrate data encryption directly into applications in minutes, with nothing more than a few lines of code and two API calls.
DataStax announced that enterprises and developers now have the freedom to run any Apache Cassandra workload, anywhere, at global scale with DataStax Astra on Amazon Web Services, Google Cloud Platform, and Microsoft Azure. Delivering on the mission to connect every developer in the world to the power of Cassandra with the freedom to run their data in any cloud or on any device, DataStax extends the availability of Astra on major cloud platforms.
Okta further extended its Okta Devices Platform Service capabilities to developers through the Okta Devices SDK. Using the Okta Devices SDK, developers can enable passwordless authentication through branded push notifications with biometric capabilities, minimizing friction for end-users and increasing security posture. "This dynamic landscape has placed an extra emphasis on today's modern businesses to be relevant across every device. The Devices SDK takes the customizability and security of the Okta Identity Cloud and puts it in the hands of developers everywhere."
Single sign-on provider Okta is opening its platform to third-party developers with a new Okta Devices SDK and an accompanying API that it said will allow developers to "leverage the power of Okta Verify to build customized, secure, and seamless login experiences for their customers." Announced at Okta Showcase 2020, the new SDK was built for a mobile-first world that Okta said requires organizations to constantly deliver new bespoke and custom-tailored experiences for customers.
DigitalOcean announced DigitalOcean App Platform, a new platform-as-a-service offering that automates infrastructure management so developers can deploy their code to production in just a few clicks. "With millions of businesses started in the cloud each year, developers need a simple, fast and scalable way to ship the apps that power their ideas," said Apurva Joshi, VP of Product, DigitalOcean.