Security News
With tools optimized for Red Hat OpenShift, the industry's most comprehensive enterprise Kubernetes platform, developers can tap into the benefits of Kubernetes, including speed, consistency, portability and scale, without extending development time or complexity. Red Hat OpenShift 4.5 addresses the needs of both developers who are unfamiliar with Kubernetes and just want to code and expert Kubernetes developers seeking maximum flexibility.
Rather than focusing on time-consuming and frustrating security bottlenecks and interruptions to writing code, developers can focus on creating innovative and secure applications. Community Edition offers near full access to Contrast's products, with developers receiving interactive application security testing, software composition analysis, and runtime application self-protection solutions, all for free.
Datadog has acquired Undefined Labs, a testing and observability company for developer workflows. "By enabling observability early in the development cycle, we can help teams optimize builds and gain visibility into key continuous integration and delivery workflows. Undefined Labs will form a solid basis for making observability a key part of every development cycle by diagnosing, catching, and avoiding performance challenges long before they hit production."
More training on security tools and better performance metrics can accomplish this, according to a new survey. Developers and security analysts are working together on a daily basis to build more secure applications but training is still not a top priority, according to a new survey.
Customer engagement company Airship announced that it is launching a free version of Apptimize's Feature Flags solution, enabling app developers to control the scope and timing of feature launches in order to validate success and reduce risk prior to full rollout. From new apps to those with massive audiences, developers can use Feature Flags by signing up for a free account, or take advantage of newly reduced pricing for unlimited Feature Flags from Apptimize.
The social media giant said that it recently discovered that 5,000 developers received data from Facebook users - long after their access to that data should have expired. In 2018, on the heels of the Cambridge Analytica privacy incident, Facebook debuted stricter controls over data collection by third-party app developers.
A new survey of developers has found that there isn't a single application security tool that at least 80% of developers said is inhibiting their productivity. The degree to which various aspects of appsec hinder developer productivity varies from item to item, with the largest hindrance being a disconnect between developer and security workflows.
A man who developed distributed denial of service botnets based on the source code of Mirai was sentenced to 13 months in federal prison. Initially based on the publicly available Mirai source code, the botnets received additional capabilities over time, which increased their complexity and efficiency, the DoJ says.
Children's app developer HyperBeard has agreed to pay $150,000 after being accused by the Federal Trade Commission of illegally collecting children's data without parental consent. A recent complaint filed by the Department of Justice claims that the app developer allowed third-party ad networks to collect personal data from children using its apps - without notifying parents or obtaining verifiable parental consent.
In its write-up of the attack, the GitHub Security Labs team explains how the malware lurks in source code repositories uploaded to its site, activating when a developer downloads an infected repository and uses it to create a software program. Most of the variants that GitHub found in its scans also infect a project's source code, meaning that any other newly-infected projects mirrored to remote repositories would spread the malware further on GitHub.