What is Zero Trust? Clear up the confusion about Zero Trust with help from Netskope's field CTO and former Gartner Analyst, Steve Riley.

Building JavaScript applications today means that we take a step further from writing code. We use open-source dependencies, create a Dockerfile to deploy containers to the cloud, and orchestrate this infrastructure with Kubernetes. Welcome - you're a cloud native application developer! As developers, our responsibility has broadened, and more software means more software security concerns for us to address.

The Arctic Wolf Labs team recently investigated a Lorenz ransomware intrusion, which leveraged a Mitel MiVoice VOIP appliance vulnerability (CVE-2022-29499) for initial access and Microsoft’s BitLocker Drive Encryption for data encryption. Lorenz is a ransomware group that has been active since at least February 2021 and like many ransomware groups, performs double-extortion by exfiltrating data before encrypting systems. Over the last quarter, the group has primarily targeted small and medium businesses (SMBs) located in the United States, with outliers in China and Mexico.

cifuzz CLI is an open-source solution that lets you run feedback-based fuzz tests from your command line. Every developer can use it to find bugs and vulnerabilities with three simple commands.

#policies
This video in the series describeshow the Mend Unified agent can be used to check and fail CI/CD pipelines when open source vulnerabilities and licensing risks are detected.

At Amazon, Jeff Bezos was famous for having an empty chair in the meeting room that represented the customer. I admire him for that because as the organization grows, it's easy to have meetings that are so focused on metrics, KPIs, internal execution, etc. that you lose sight of the customer. Here’s how we practice being customer-obsessed at SecurityScorecard: We make sure that we start every meeting by sharing customer insights, such as.

Writing riskless code is challenging, and the cost of deploying vulnerable code can be extremely high. But detecting issues before they hit production can reduce costs and user pain. Both Snyk and Codecov work to help developers catch issues in your codebase before they become problems. Join members from Snyk and Codecov going over everything you need to know to understand how to de-risk code.

16 weeks of preparation in the ConnectWise PitchIT acceleration program comes down to this 5-minute pitch. On August 31st Vonahi presented their solution in front of partners, judges, and the MSP community for the chance to make it to the top 3 finalists. Winning this round gives Vonahi the chance to present vPenTest on center stage at The IT Nation Connect conference in front of +3,000 attendees.

Tony Loehr, Developer Advocate at CyCode, discusses the strengths of the CyCode platform in the software development life cycle to secure software delivery.

As globalization takes shape and government regulations defy borders, the issue of compliance risk remains a top-level business issue. Growing concerns over consumer privacy and data security have prompted a rush of legislation intended at holding corporations more accountable for maintaining and sharing the information they collect about consumers.