Platform engineers need to be empowered in an organization’s security program. Their work has huge leverage over a product's security posture, arguably as great an impact (some would even say greater) than application vulnerabilities. Despite the significance of the impact of their work, their role in security programs remain ill-defined.

As technology continues to advance, the potential for hacking and cyber-attacks on various devices and systems has become a major threat. This has extended to the automotive industry, with increasing numbers of car hacks being reported. With the rise in the production of electric vehicles (EVs), these attacks have escalated in frequency and severity.

What does secure by design vulnerability mean? Is this an oxymoron?

The Docker developer ecosystem is continuously growing, and container security is becoming even more important as the Docker developer ecosystem evolves. The developer-friendly Snyk security integration with Docker is invaluable in today’s landscape. Snyk has made significant updates to the Docker Desktop Extension and continues to evolve the extension to ensure the applications and images pushed to the container registry don't have critical vulnerabilities.

Last week, on March 31st, NetSPI researchers announced that they found a cross-tenant Azure vulnerability in the Microsoft Power Platform connectors infrastructure, which allowed them to then access “at least 1,300 secrets/certificates in 180+ vaults”. In this article, we set out to analyze the root cause behind this vulnerability, explain its impact, and provide our own recommendations for Power Platform users and administrators.

A vulnerability is any flaw or weakness within the technology system that cybercriminals can exploit to gain unauthorized access to a network, information assets and software applications. For any organization today, there are plenty of vulnerabilities. Knowing where and how vulnerabilities can exist, you can start to get ahead of them. So, let’s look at the 5 most important types of vulnerabilities.

Digital transformation initiatives have pushed software development to the next level. Today's consumers demand an optimum customer experience and expect modern apps to live up to high expectations. So, the average developer in 2023 must keep up with faster delivery, more eye-catching features, and better functionality. This unprecedented growth in the software development industry has led to a massive disparity between development and security teams.

The transition to hybrid IT architectures and remote work strategies has greatly expanded the IT estates of most organizations in recent years. Couple this expansion with the growing number of computing and IoT devices that connect to company networks today and you understand why cybersecurity is a growing challenge: As your IT footprint grows, so does your attack surface.

It is crucial to assess vulnerabilities properly to achieve your cybersecurity goals through your vulnerability management program. A vulnerability assessment checklist can be a practical solution to ensure a consistent and thorough assessment process and minimize the risk of missing significant vulnerabilities.

How hard can it be to support custom container image tags? Turns out… quite! I know this because my team has been busy at work on our new custom base image support for Snyk Container, andwe were tasked with the following problem: Given a tag, parse its parts to be able to compare it to other similar tags. It was a fun problem to solve, and we'd love to share how we got to our final solution!