Security News
"The move to cloud-native platforms has shifted the way applications are developed and deployed," said Tim Callahan, senior vice president and global chief security officer for Aflac, and Venafi customer advisory board member. Jetstack and Venafi have been working closely together over the last two years to dramatically accelerate the speed of innovation for next generation machine identity protection in Kubernetes, multi-cloud, service mesh and microservices ecosystems.
These days, Josh is writing about the future of data policy and ownership, which are important issues for everyone who's really involved in the development of a new app or a system, from developers to project managers and everybody in between, so that's why he's here talking about some of those things that developers need to know about data collection. One thing that we really need to start looking at differently is the separation between data ownership and data privacy and data security, because a lot of times I feel when people are talking about this, it gets all balled up into one.
In a post-Cambridge Analytica world, developers are more important than ever to the data privacy and security of the software they build.
HarperDB releases HarperDB Cloud, its fully managed and hosted cloud offering. HarperDB Cloud instances can be spun up in minutes, featuring a built-in API, ACID compliant SQL and NoSQL capabilities, and standard interfaces for connecting to reporting and analysis tools.
A legitimate file may be called "Thisisafile.exe," while a malicious impersonator may call itself "This1safile.exe." Unobservant users could thus download the malicious file by mistake. If developers accidentally downloaded the rogue files instead of the legitimate gems they were looking for, the software packages they built using the libraries would automatically harbor the Bitcoin-stealer, endangering all users of that software.
By pairing the system with human security experts, Microsoft said it was able to develop an algorithm that was not only able to correctly identify security bugs with nearly 100% accuracy, but also correctly flag critical, high priority bugs 97% of the time. According to Microsoft, its team of 47,000 developers generates some 30,000 bugs every month across its Azure DevOps and GitHub silos, causing headaches for security teams whose job it is to ensure critical security vulnerabilities don't get missed.
For the first time ever, the findings prove the correlation between developer happiness and application security hygiene, with happy developers 3.6x less likely to neglect security when it comes to code quality. Happy developers are also 2.3x more likely to have automated security tools in place, and 1.3x more likely to follow open source security policies.
Lightstep, the leading provider of observability software for organizations adopting microservices and serverless, announced the release of its best-in-class observability solution to help developers better understand the health of systems and services. New analysis features provide developers with the fastest and most effective way to investigate errors, understand service health issues, and predict the impact of new deployments.
Google today published a blog post recommending that mobile app developers encrypt data that their apps generate on users' devices, especially when they use unprotected external storage that's prone to hijacking. The open-sourced Jetpack Security library lets Android app developers easily read and write encrypted files by following best security practices, including storing cryptographic keys and protecting files that may contain sensitive data, API keys and OAuth tokens.
Google Chrome extension developers have been left high and dry for weeks as the company struggles to cope with a spike in fraud on the Chrome Web Store. Earlier this month the Chrome Web Store team detected a significant increase in the number of fraudulent transactions involving paid Chrome extensions that aim to exploit users.