It’s no surprise that cloud adoption continues to be a major force impacting organizations today. A 2020 McKinsey survey indicated that many organizations saw several years worth of digital transformation take place in 2020. An IDG survey, which we referenced in our Securing Best of Breed SaaS Applications webinar, suggested that 95% of organizations expect to be partly or fully in the cloud by the end of 2021, with almost half the applications used by their workforce being SaaS or open source.

Imagine, it’s a Saturday morning and you receive a call from a bank: – Hello? – Hi [insert your name], we suspect that a fraudster is trying to use your card at a grocery store in Texas. – Well, I am at a grocery store in Texas! – Oh my gosh! Do you see him? If only credit card fraud was funny.

Kubernetes version 1.22, the latest release of Kubernetes, comes with bug fixes, enhancements, and new features that make the platform more stable, scalable, and user-friendly. There are a total of 56 improvements with different maturity levels and a considerable number of API removals. In this article, I’ll focus on the security-related changes in Kubernetes as well as a few other significant changes in Kubernetes API and usability.

Members of the cybersecurity industry — including the Devo team — are gathering this week for the annual Black Hat USA conference in Las Vegas. Some will be present in person. Many others will participate virtually due to travel issues related to the pandemic. In either case, the latest edition of Black Hat, and its home city, have me thinking about cybersecurity and… gambling.

Regardless of size, every company could experience a cybersecurity incident one day. Security incidents can occur in companies, public institutions, schools, etc. Cybersecurity incident actions are similar to actions to be taken in response to a security incident, for example in a school. It is an inevitable reality that your network may be exposed to an incident threat.

In part two of our series on writing checkers with CodeXM, we explore how to run your CodeXM checker with Coverity using a command line interface. In the last post, we discussed how to write a simple checker using CodeXM. But writing the checker is not our final purpose; our target is to use that checker on our own business code. In this post, we look at how to run your CodeXM checker with Coverity® using a command line interface.

Last year’s rapid and sometimes erratic transition to remote work left many businesses looking for new ways to understand employee behavior when working from home. According to a survey of 2,000 employers offering remote or hybrid work, 78 percent deployed employee monitoring software to track worker behavior in the past six months. As businesses emerge from the recent pandemic, it’s clear that some things will not return to business as usual.

NicheStack is a TCP/IP network stack commonly used in millions of Operational Technology (OT) devices around the world, including in critical infrastructure such as manufacturing plants, power generation/transmission/distribution, water treatment, and more. JFrog’s security research team (formerly Vdoo), together with Forescout Research Labs, recently discovered 14 new security vulnerabilities affecting the NicheStack TCP/IP stack.

There are multiple advantages of outsourced networking monitoring. No matter your organization’s size, it’s vitally important to protect the data that can be accessed inside and outside of the perimeter.

Open Policy Agent (OPA) is rapidly becoming a cornerstone in the management and maintenance of secure and compliant systems that align with industry and organizational best practices. As more organizations begin — or continue — their cloud-native digital transformation, the importance of policy-as-code only increases. Sometimes, though, becoming an expert in yet another tool or language isn’t in the cards.