Hallowe’en is still months away, but Frankenstein is out trick-or-treating even as you read this, and the operative word here is “trick”. Payment fraud criminals continue playing their games with financial institutions’ (FIs) customers and online merchants.
Many businesses are now talking about artificial intelligence (AI), and specifically machine learning, as a way to solve data problems more effectively. In theory, this sounds easy. What could be better than using AI to get a computer to learn how to solve a problem over time, without manual intervention? The reality is very different, however.
How can you successfully navigate open source license compliance? Start with the right tools to identify your dependences and calculate their risks. What if you have an open source software package licensed under a permissive license like the Apache or MIT, but inside that package are dependencies licensed under a restrictive license like the General Public License (GPL)? What are some best practices to follow?
Every career has defining moments. Most are spread out over years or even decades, but the cybersecurity world has had two career-defining moments just in the past year. It started with the global shutdown due to the COVID-19 pandemic. Overnight, many organizations were forced to support employees working remotely. CISOs, like me, were expected to keep both our company and its employees safe in a completely unpredictable world.
As we look to improve the quality and capabilities of the JFrog DevOps Platform, especially in the world of DevSecOps, we have added powerful new features to further enhance the award-winning JFrog Xray. The capabilities detailed below cement Xray’s position as a universal software composition analysis (SCA) solution trusted by developers and DevSecOps teams globally to quickly and continuously identify open source software vulnerabilities and license compliance violations.
Arguably the greatest threat to organisations in 2021 is ransomware. Ransomware attacks proliferated in 2020, increasing by 435% compared to 2019. The number of ransoms paid has also increased from 39% in 2018 to 58% in 2020 (the figure is likely to be even higher when factoring in those organisations that have not disclosed whether a ransom has been paid).
Last summer, we announced our plan to expand our partnership with Trend Micro to provide security operations teams visibility and tracking of vulnerabilities and license risks in open source components. The long-standing partnership already includes container image security scanning that leverages Snyk’s proprietary vulnerability database.
If you know about a vulnerability, you can be certain that adversaries also know about it – and are working to exploit it. It sounds like a no-brainer; but using components with known vulnerabilities still makes #9 in the current OWASP list of the ten most critical web application security risks.
If you know about a vulnerability, you can be certain that adversaries also know about it – and are working to exploit it. It sounds like a no-brainer; but using components with known vulnerabilities still makes #6 in the current OWASP list of the ten most critical web application security risks.