Security News
Check out this guide to the best developer-centric security products. From HashiCorp to Snyk to oso, we're finally seeing security embrace the developer class, and it couldn't have come at a more opportune time.
Ursem, self-appointed "Lamest hacker you know," found the leaked info in a simple search to see if someone "Is actually stupid enough to upload medical customer data to GitHub," he told DataBreach.net. The report describes one errant developer referred to as the "Typhoid Mary of Data Leaks" because of his multiple, repeated errors in using GitHub to store and manage not just medical data, but other files as well.
Accurics unveiled a major upgrade to Terrascan, the open source static code analyzer that enables developers to build secure infrastructure as code. The new Terrascan architecture leverages the Open Policy Agent engine from CNCF, which dramatically simplifies policy definition for developers who want to create custom policies, and provides over 500 out-of-the-box policies for the CIS Benchmark.
With tools optimized for Red Hat OpenShift, the industry's most comprehensive enterprise Kubernetes platform, developers can tap into the benefits of Kubernetes, including speed, consistency, portability and scale, without extending development time or complexity. Red Hat OpenShift 4.5 addresses the needs of both developers who are unfamiliar with Kubernetes and just want to code and expert Kubernetes developers seeking maximum flexibility.
Rather than focusing on time-consuming and frustrating security bottlenecks and interruptions to writing code, developers can focus on creating innovative and secure applications. Community Edition offers near full access to Contrast's products, with developers receiving interactive application security testing, software composition analysis, and runtime application self-protection solutions, all for free.
Datadog has acquired Undefined Labs, a testing and observability company for developer workflows. "By enabling observability early in the development cycle, we can help teams optimize builds and gain visibility into key continuous integration and delivery workflows. Undefined Labs will form a solid basis for making observability a key part of every development cycle by diagnosing, catching, and avoiding performance challenges long before they hit production."
More training on security tools and better performance metrics can accomplish this, according to a new survey. Developers and security analysts are working together on a daily basis to build more secure applications, but training is still not a top priority, according to a new survey.
Customer engagement company Airship announced that it is launching a free version of Apptimize's Feature Flags solution, enabling app developers to control the scope and timing of feature launches in order to validate success and reduce risk prior to full rollout. From new apps to those with massive audiences, developers can use Feature Flags by signing up for a free account, or take advantage of newly reduced pricing for unlimited Feature Flags from Apptimize.
The social media giant said that it recently discovered that 5,000 developers received data from Facebook users long after their access to that data should have expired. In 2018, on the heels of the Cambridge Analytica privacy incident, Facebook debuted stricter controls over data collection by third-party app developers.
A new survey of developers has found that there isn't a single application security tool that at least 80% of developers said is inhibiting their productivity. The degree to which various aspects of appsec hinder developer productivity varies from item to item, with the largest hindrance being a disconnect between developer and security workflows.