Security News

Guide: Application security posture management deep dive
2023-12-13 03:45

Distinguishing real, business-critical application risks is more challenging than ever. A siloed, ad hoc approach to AppSec generates noisy false positives that overwhelm under-resourced security teams.

This Free Solution Provides Essential Third-Party Risk Management for SaaS
2023-11-30 11:55

Wing Security recently announced that basic third-party risk assessment is now available as a free product. But it raises the questions of how SaaS is connected to third-party risk management...

Organizations’ serious commitment to software risk management pays off
2023-11-21 04:30

There has been a significant decrease in vulnerabilities found in target applications - from 97% in 2020 to 83% in 2022 - an encouraging sign that code reviews, automated testing and continuous integration are helping to reduce common programming errors, according to Synopsys. The report details three years of data derived from tests run by Synopsys Security Testing Services, with targets made up of web applications, mobile applications, network systems and source code.

Generative AI is shaping future incident management processes
2023-11-15 05:00

Research points to generative AI as a means to resolve the incident management paradox with 84.5% who either believe AI can significantly streamline their incident management processes and improve overall efficiency or are excited about the opportunities AI presents for automating certain aspects of incident management. "Traditional, rule-based automation tools are no longer sufficient for the demands of modern operations teams. Despite robust incident management processes within numerous organizations, the relentless surge in service incidents - with its consequential impact on customers and financial ramifications - mandates a transformative approach. The path forward lies in harnessing innovative solutions like generative AI, augmented by automation and guided by human judgment, to not only expedite incident resolution but also proactively detect and preempt potential issues before they escalate."

k0smotron: Open-source Kubernetes cluster management
2023-11-14 04:30

Open-source solution k0smotron is enterprise-ready for production-grade Kubernetes cluster management with two support options. The k0smotron operator is deployed onto an existing Kubernetes cluster, designated as the management cluster similar to a "Mothership," that orchestrates and provides control plane services on demand.

The role of Kubernetes in modern app management
2023-11-06 04:00

Kubernetes, often abbreviated as K8s, is an open-source container orchestration platform that has redefined the way modern applications are developed, deployed, and managed. Born out of Google's internal container orchestration system, Kubernetes has become the de facto standard for containerized application management, offering a powerful and flexible platform for automating containerized applications' deployment, scaling, and management.

Vulnerability management metrics: How to measure success
2023-10-31 04:30

Without the right metrics, vulnerability management is pretty pointless. Intruder makes vulnerability management easy by explaining the risks and providing actionable remediation advice.

Logging Made Easy: Free log management solution from CISA
2023-10-30 10:07

CISA launched a new version of Logging Made Easy, a straightforward log management solution for Windows-based devices that can be downloaded and self-installed for free. CISA's version reimagines technology developed by the United Kingdom's National Cyber Security Centre, making it available to a broader audience on GitHub.

Make API Management Less Scary for Your Organization
2023-10-24 10:59

While application development has evolved rapidly, the API management suites used to access these services remain a spooky reminder of a different era. Introducing new API management...

CISA and NSA Issues New Identity and Access Management Guidance for Vendors
2023-10-16 21:26

In an email interview with TechRepublic, Jake Williams, faculty member at IANS Research and former NSA offensive hacker, said, "The publication highlights the challenges with comparing the features provided by vendors. CISA seems to be putting vendors on notice that they want vendors to be clear about what standards they do and don't support in their products, especially when a vendor only supports portions of a given standard." According to CISA and the NSA, the definitions and policies of the different variations of MFAs are unclear and confusing.