The JFrog Security research team continuously monitors popular open source software (OSS) repositories with our automated tooling to detect and avert potential software supply chain security threats. After validating the findings, the team reports any security vulnerabilities or malicious packages discovered to repository maintainers and the wider community.
In today’s world, businesses, economies, and lives are connected by a complex spider web of code and software applications. This code and these applications drive e-commerce, financial transactions, and data input. They impact our ability to quickly transfer money from one account to another, to fill out an online mortgage application, and to order supplies from a vendor. The code that drives these systems is complicated. If something can go wrong, it will.
Governance, Risk, and Compliance (known by its acronym ‘GRC’) is an integrated strategy for managing an organisation’s overall governance procedures, enterprise risk management, and regulatory compliance.
Kerberos authentication is a network protocol that secures user access to services/applications by using secret-key cryptography across client-server communications. The Kerberos network authentication protocol helps prevent hackers from intercepting passwords over unsecured networks.
The number of missing security patches in an OT system is typically very large—measured in the thousands, at least. It would be difficult and expensive for an asset owner to evaluate each pairing of missing security patch and cyber asset. This may be one reason we see a patch-everything approach, but this is also difficult and expensive. In fact, assessments show this is rarely done even where required by policy.
If you’re a Tripwire® Whitelist Profiler customer, then you know that the software does an excellent job of executing its core functionalities. These include comparing the running state of a machine to the approved and expected configurations in your environment to stay in compliance with audit and internal policies. Although Whitelist Profiler is proficient in this regard, that doesn’t mean it can’t be improved in other capacities such as ease of use.
CISA issues ‘Shields Up’ alert to warn US companies about potential Russian hacking attempts to disrupt essential services and critical infrastructure as the Russia-Ukraine crisis escalates. Get ahead of the situation with essential information.
Five worthy reads is a regular column on five noteworthy items we’ve discovered while researching trending and timeless topics. This week, let’s zoom in on Privacy Enhancing Technologies (PETs), which deal with the common yet pressing concern of data privacy and security. Illustrated by Balaji K R