We here at WhiteSource often get asked if we use our own software when we’re developing our product. It’s a fair question. Like most of our customers, we write a lot of code. A lot of code. And we want it to be secure. Really secure. So it should come as no surprise that the answer to this question is a resounding and absolute yes! At WhiteSource, we believe in practicing what we preach.
With the onset of the ongoing COVID 19 pandemic, cybercriminals started looking for opportunities to threaten the already suffering businesses through malware, ransomware, and social engineering attacks. Amidst this public health crisis, a new remote working culture evolved as remotely connected workplaces had to adapt rapidly to a greater digital threat emerging online.
In today’s highly regulated digital businesses a frictionless, and secure identity verification has become a mandate. The traditional onboarding process for new clients can be time-consuming, error prone, labor-intensive, manual process involving multiple departments within the institution. This can lead to frustrating delays for customers and can put a strain on the business relationship.
Whether you’re just starting to understand basic Rego language concepts or want to brush up on structuring policy-as-code rules, Styra Academy’s “OPA Policy Authoring” course lays out the fundamentals you need to know to get started. Before we dive in, let’s get a better understanding of Open Policy Agent (OPA) and some common use cases. OPA is an open source, general purpose policy engine for cloud native environments.
It’s official! Snyk Container offers support for scanning container images stored in the popular open source container registry, Harbor. Snyk Container helps you find and fix vulnerabilities in your container images, and now it integrates with Harbor as a container registry, enabling you to import your projects and monitor your containers for vulnerabilities. Snyk tests the projects you’ve imported for any known security vulnerabilities found, testing at a frequency you control.
We’re excited to share that you can now scan container images stored in Red Hat’s Quay container registry and their hosted Quay.io service with Snyk Container. Snyk Container helps you find and fix vulnerabilities in your container images and integrates with Quay as a container registry to enable you to import your projects and monitor your containers for vulnerabilities, as is fully described in our Snyk Container documentation.
A selection of this week’s more interesting vulnerability disclosures and cyber security news. For a daily selection see our twitter feed at #ionCube24. A supply chain infection that could have had far reaching impact had it filtered to deployed builds. This time, instead of package dependency infection, they went for the core….
Fixing security findings in your code can be hard. Sometimes you need help from other developers who have solved these problems before. Veracode provides one-on-one time with ex-developers who can coach you through different approaches to address security findings. But sometimes, you don’t really want advice. Instead, you need a boost to help you get through the day of reducing risk in your software.
“Science and technology revolutionize our lives, but memory, tradition, and myth frame our response.” – Author Arthur M. Schlesinger Urban myths rely on their communities of origin to thrive and survive.
The latest Honeywell USB Threat Report 2020 indicates that the number of threats specifically targeting Operational Technology systems has nearly doubled from 16% to 28%, while the number of threats capable of disrupting those systems rose from 26% to 59% over the same period. Let’s face it. Critical infrastructure operators in manufacturing, aerospace, energy, shipping, chemical, oil and gas, pulp and paper, water and wastewater, and building automation are heavily relying on USB devices.
