Category: InfoWorld Security

Last year’s MOVEit and 3CX vulnerabilities offered a stark reminder of the risk software supply chain attacks pose today. Threat actors exploit vulnerabilities to infiltrate a software provider’s network and modify the software’s original functionality with malicious code. Once the…

Read more →

Application security company Mobb has released an automatic vulnerability fixer for GitHub users. The tool monitors GitHub pull requests and offers code fixes within software development workflows. Unveiled January 23, Mobb Fixer provides developers with code fixes for security alerts…

Read more →

Authentication and authorization rank among the top priorities for application developers today. While they’re often used interchangeably, they actually represent two very different things. Yet in order to ensure a secure and seamless experience for users, both must work in concert. To illustrate the distinction…

Read more →

Software supply chain provider JFrog is integrating with the Amazon SageMaker cloud-based machine learning platform to incorporate machine learning models into the software development lifecycle. The JFrog platform integration with Amazon SageMaker, available now, ensures artifacts produced by data scientists…

Read more →

Cloud finops is the discipline of accounting for and optimizing cloud computing spending. It’s a reaction to years of undisciplined cloud spending or a way to bring order back to using cloud resources. Overall, it is a step in the…

Read more →

When cloud computing became enterprise-ready, and tools such as continuous integration and continuous delivery, infrastructure as code, and Kubernetes became mainstream, it marked a clear paradigm shift in dev and ops. The work separating dev and ops became devops responsibilities,…

Read more →

Most security issues in the cloud can be traced back to someone doing something stupid. Sorry to be that blunt, but I don’t see ingenious hackers out there. I do see misconfigured cloud resources, such as storage and databases, that…

Read more →

Software development is currently undergoing a profound transformation, marked by a quiet yet remarkable surge in advanced automation. This impending shift promises to streamline the creation and deployment of high-quality applications on an unprecedented scale. Rather than a single technology…

Read more →

I recently moderated a session for the CSO Cybersecurity Summit on building resilience and addressing employee anxiety amid organizational transformation. My session focused on the stresses and burnout experienced by security teams, including recent data showing that 94% of chief…

Read more →

The arrival of ChatGPT in late 2022 and the ensuing cascade of large language models ensured that 2023 will forever be known as the year of generative AI (GenAI). With amazing speed, generative AI has rippled across the entire information…

Read more →