The tech giant’s new software security framework is a roadmap to help developers defend against common attacks at every link in the development and production chain.
Some industry groups are warning the U.S. government that third-party testing or review would be overly intrusive and might not add much benefit, especially if the focus is on source code or earlier stages of the development process.
As one researcher warned, being in the gatekeeper position of determining what’s trustworthy gives tremendous influence to an organization that owns more than three-quarters of browser market.
A recent survey found that most development teams, 81%, knowingly pushed flawed code live, and 20% senior of managers even admitted to committing this practice often.
Luta Security’s Katie Moussoris details Clubhouse vulnerabilities she disclosed, and how fast growing startups with good intentions sometimes drop the ball.
Collaboration tools that have become more central to how organizations operate since the pandemic are poorly understood by infosec teams and are relatively immature in terms of accompanying security protections provided by third parties.
It’s a sign that software security – and open-source security in particular – is increasingly top of mind for investors as industry and governments respond to a series of damaging software-based hacks carried out by nation state actors over the past year.
Had two malicious commits not been caught, they could have infected scores of websites using the programming language.
Rising rates of vulnerabilities, a more complex development environment and a lack of industry standards are putting software applications at risk. Can newer security tools and processes turn the tide?
The backdoor is able to record the victim’s microphone, camera and keyboard entries, plus can upload and download files.
