Software development and security often have separate challenges and concerns. Developers are worried about pushing software to production in a timely manner. Security teams worry about the security of the code being pushed. Veracode offers a solution that meets the needs of both sides. On Peerspot, where Veracode is ranked number one in application security, users discuss how Veracode enables them to build an advanced application security program.

Many of the most prolific ransomware attacks to hit the news, such as Wannacry and Petya in 2017, affected PC users only. The distinct absence of Apple computers in the long list of victims has many Mac users wondering if ransomware attacks are a cyber threat they need to worry about. Can ransomware affect Macs? Short answer: Yes. While rare, security researchers have noted examples of Mac-compatible ransomware variants.

As more and more businesses adopt cloud computing services for their operations, the threat against cloud infrastructure is also increasing. AWS, the huge cloud service provider in the market, provides many security features to secure the cloud structure and customer data. It is essential to understand the service provider’s security policy before adopting it for the business.

I was listening to a recording of some colleagues speaking with a customer about security ratings and cyber insurance and there were some confusions in the discussion that troubled me and I wish that I had been there to help clear them up. Or at least try. So this little musing is meant to do that..

There is no shortage of alerts concerning security vulnerabilities. Unfortunately, the deluge of data available is overwhelming and not specific enough to be actionable. We don’t think that’s very helpful, so we’ve integrated our platform with Rapid7 InsightVM to ensure that our customers have full visibility into their security posture, including endpoints, and that they know how to prioritize remediation.

Since my previous blog CMMC Readiness was published in September 2021, the Department of Defense (DoD) has made modifications to the program structure and requirements of the Cybersecurity Maturity Model Certification (CMMC) interim rule first published in September 2020. CMMC 2.0 was officially introduced in November 2021 with the goal of streamlining and improving CMMC implementation.

CrowdStrike recently announced the addition of Falcon Identity Threat Protection and Falcon Identity Threat Detection to its GovCloud-1 environment, making both available to U.S. public sector organizations that require Federal Risk and Authorization Management Program (FedRAMP) Moderate or Impact Level 4 (IL-4) authorization. This includes U.S. federal agencies, U.S. state and local governments and the Defense Industrial Base (DIB).

Integrating Kubescape with 3rd party projects and DevOps tools is a strategic mission for us to enable you to extract more value out of Kubescape throughout the CI/CD pipeline, SDLC, and monitoring phases. We are happy to announce two significant integrations of Kubescape to leading Kubernetes open-source CI/CD tools.

By 2025, there will be 55.7 billion connected IoT devices (or “things”), generating almost 80B zettabytes (ZB) of data. These are just some of the statistics that underscore enormous opportunity in IoT—and the enormous security risks all those IoT devices create.

Kubecon EU returned to Spain. This time to Valencia, city of paella and horchata and, of course, a great place for big events. We had a great time meeting you all in person, and attending the talks. Here are our hot takes from the event. The main event started on Wednesday, but before that different co-located events took place: Ebpf Day, Cloud Native SecurityCon, and PrometheusDay among others. These events gathered a large number of attendees.