Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

CloudCasa July Feature Updates

It’s been about three months since the last CloudCasa feature release in April, and we are now approaching the Dog Days of summer. These, as you may know, are named for the heliacal rising of Sirius, the Dog Star, in this sultry season, though the term more often conjures images of dogs lazing in the hot summer sun. We have been doing no summer lazing here at CloudCasa, though! Since our April release, we have focused much of our development effort on performance and reliability improvements.

The New Era of AI-Powered Application Security. Part Three: How Can Application Security Cope With The Challenges Posed by AI?

This is the third part of a blog series on AI-powered application security. Following the first two parts that presented concerns associated with AI technology, this part covers suggested approaches to cope with AI concerns and challenges. In my previous blog posts, I presented major implications of AI use on application security, and examined why a new approach to application security may be required to cope with these challenges.

CodeSecDays brings security leaders together to build a world without software security issues

In GitGuardian's first digital conference, CodeSecDays, security leaders from multiple leading companies like Snyk, Chainguard, Doppler, RedMonk, and more came together to share the latest in code and application security.

Strange Bedfellows: Software, Security and the Law

The ongoing rise in cyberattacks across the software supply chain and a shifting regulatory landscape are forging an unlikely alliance between CISOs, software leaders and legal experts. Privacy, the shifting and diverse regulatory landscape, liability and new AI/ML use cases all present unique challenges and opportunities for risk management, but to best navigate these challenges, legal teams must be involved, too. Why? Because today, software vulnerabilities can represent not just a business risk but a legal risk.

Two Birds, One Stone: Shrinking Security Debt and Attack Surfaces

Cybersecurity teams and developers continually struggle to reconcile what can seem like two competing priorities: delivering new capabilities and addressing existing security technical debt. But what if they can do both at the same time? Forward-leaning AppSec programs are finding smart ways to reduce security debt by instituting a strategic approach to managing security vulnerabilities. This approach starts by reducing the attack surface early on and throughout development.

Malicious Package Trend Analysis

It might seem obvious that regularly upgrading software and dependencies means your software is inherently more secure, but in practice, this is hard to achieve. Choice Hotels struggled to manually maintain their codebase and remediate all the transitive vulnerabilities lurking in the code. Today’s compositional applications created a complex archeological exploration challenge for developers trying to resolve security issues across a codebase. It was time-consuming, tedious, and imperfect.
Sponsored Post

Automation and the value of power management

Has the pandemic come to an end? Are we back to a full-fledged, in-office work style? The answer is absolutely not. What we proposed as the "new normal" (working from home) back in 2020 is now just normal in 2023. Gartner research predicted that "almost 50% of employees will continue to work remotely post-pandemic," which is the reality now! With this shifting trend towards a flexible work culture, it's essential for front line IT workers, aka sysadmins, to stay equipped with a supercharged remote troubleshooting toolkit to rescue endpoints in trouble.

8 tips for securing your CI/CD pipeline with Snyk

Securing your CI/CD pipeline is critical to modern application security. So, we created a cheat sheet to make the process easier. In this post, we’ll cover using Snyk in your CI/CD pipelines to catch security issues quickly and empower your developers to fix them before they get to production.