White House officials met last week with leaders from leading cloud tech companies, including Google, Amazon and Microsoft, to discuss the critical role open-source software plays in enabling the development of cybersecurity measures that benefit organizations in both the public and private sectors.
The chief security officer of Trexin Consulting said in this episode of CISO Stories that, before agile development and what has been called “adaptive development learning,” the Systems Development Life Cycle (SDLC) was viewed as “tricks for getting things done.”
A new study found that 400 popular packages on the Maven Central repository used Log4j code without calling it as an external package. Why does that matter? Because any time code is included without calling it as an external package, traditional dependency analysis might not be enough to find it, including when Java coders use a common trick to resolve conflicting dependencies during the design process.
Today’s columnist, Amitai Ratzon of Pentera, says SecValOps offers the next step in a continued proactive security approach, a tone that’s been set all year with the Biden administration’s executive order in May.