Security News

Most AppSec pros see a growing divide between them and developers
2020-09-23 03:30

75% of AppSec practitioners and 49% of developers believe there is a cultural divide between their respective teams, according to ZeroNorth. Understanding the cultural divide and its implications: Developer and AppSec practitioners don't agree on which function is responsible for the security of applications.

75% of AppSec practitioners see a growing cultural divide between AppSec and developers
2020-09-22 12:35

Thirty-nine percent of developers said the security team is responsible for securing apps, while 67% of AppSec practitioners said their teams are responsible, according to a new study. Seventy-five percent of application security practitioners and 49% of developers believe there is a cultural divide between their respective teams that could increase organizational risk, according to a new study by the Ponemon Institute and ZeroNorth, a provider of risk-based vulnerability orchestration across applications and infrastructure.

Microsoft open-sources tool that enables continuous developer-driven fuzzing
2020-09-16 10:31

Microsoft has open-sourced OneFuzz, its own internal continuous developer-driven fuzzing platform, allowing developers around the world to receive fuzz testing results directly from their build system. Fuzzing is an automated software testing technique that involves entering random, unexpected, malformed and/or invalid data into a computer program.

Review: Web Security for Developers: Real Threats, Practical Defense
2020-09-15 03:30

After a short lesson in internet history, the author puts the reader in the shoes of the attacker and explains how simple it is to hack a website, as well as how easy it is to obtain and apply hacking tools. The author proceeds to offer basic knowledge about how the internet, browsers, web servers and programmers work.

Developer Security Firm Snyk Raises $200 Million at $2.6 Billion Valuation
2020-09-09 15:32

Boston-based developer security company Snyk on Wednesday announced that it has raised $200 million in a Series D funding round, valuing the firm at more than $2.6 billion. Snyk earned unicorn status in January 2020, after it raised $150 million in a Series C funding round.

Apple will release iOS 14 without this privacy feature: What iPhone users and developers need to know
2020-09-04 23:07

The iOS 14, iPadOS 14, and tvOS 14 anti-tracking feature is on hold until early 2021 to give developers time to make the necessary changes, according to Apple. Apple released iOS 14 without a new anti-tracking feature.

Lattice CrossLink-NX FPGA: Helping developers meet demand for embedded and smart vision applications
2020-09-04 01:15

Lattice helps developers meet this growing demand for embedded and smart vision applications by offering a variety of low-power FPGAs and comprehensive solutions stacks designed to enable the quick and easy implementation of applications like video signal bridging, aggregation and splitting, image processing, and the AI/ML inferencing used to train smart vision models. Peiju Chiang, Product Marketing Manager at Lattice, said, "Lattice is a leading provider of innovative, low power solutions for smart and embedded vision applications."

The best developer-centric security products
2020-08-31 21:25

Check out this guide of the best developer-centric security products. From HashiCorp to Snyk to oso, we're finally seeing security embrace the developer class, and it couldn't have come at a more opportune time.

Medical Data Leaked on GitHub Due to Developer Errors
2020-08-26 13:49

Ursem, self-appointed "lamest hacker you know," found the leaked info in a simple search to see if someone "is actually stupid enough to upload medical customer data to GitHub," he told DataBreach.net. The report describes one errant developer referred to as the "Typhoid Mary of Data Leaks" because of the multiple errors and repetition of these errors in his use of GitHub in relation to not just storage and management of medical data, but other files as well.

Terrascan open source software helps developers build secure cloud infrastructure
2020-08-18 04:30

Accurics unveiled a major upgrade to Terrascan, the open source static code analyzer that enables developers to build secure infrastructure as code. The new Terrascan architecture leverages the Open Policy Agent engine from CNCF, which dramatically simplifies policy definition for developers who want to create custom policies, and provides over 500 out-of-the-box policies for the CIS Benchmark.