In the News
Featured
06/13/2024
Microsoft’s Brad Smith acknowledges past security failures, outlines new initiatives
Not everyone was as harsh on Microsoft’s previous mistakes. Jeff Williams, co-founder and chief technology officer at application security software platform provider Contrast Security Inc., noted that “while it’s pretty obvious in hindsight that they made a mistake, I think commentators are judging them without seeing the whole picture.”
“The unfortunate reality is that software is far more complex than most people understand,” he said. “A single application is built from dozens of source code repos, hundreds of open-source libraries, multiple application frameworks, server software and often multiple language platforms. And Microsoft has tens of thousands of applications, each of which has vulnerabilities reported all the time by tools, penetration testers, customers and more.”
07/04/2022
Top 3 Things DevSecOps Teams Can Do Now to Address the Broken Software Supply Chain
Software supply chain attacks are exponentially increasing in volume and frequency.
06/23/2022
Government’s Move to Serverless: Rethinking Security Strategy
Today, nearly half (49%) of organizations are running applications on serverless technology.
06/17/2022
Why Zero-Day Attacks on Open-Source Libraries Are Surging
Contrast Security CPO Steve Wilson on Why the Log4j Hack Is a Sign of Things to Come
06/16/2022
Businesses need to focus-in on an AppSec strategy
By now, everyone should have an AppSec program. Companies trust their businesses to software and need to know it can’t be used against them.
06/16/2022
Larry Maccherone, Contrast Security | RSA Conference 2022
06/09/2022
Atlassian Zero-Day Vulnerability Allowing Critical Remote Code Execution Patched After Several Exploitation Incidents
A zero-day vulnerability in widely used IT service management software Atlassian has now been patched, about a week after reports of it being abused for remote code execution began to appear.
06/08/2022
Contrast Security Releases CodeSec at No Cost to Developers
Contrast Security announced the launch of CodeSec by Contrast Security (CodeSec), an easy to use, self-service, enterprise-tested application security solution available to all developers at no cost.
06/07/2022
Critical RCE Vulnerability Threatens 20K Atlassian Confluence Instances
The RCE vulnerability affecting Atlassian Confluence Data Center and Servers enables attackers to inject and execute arbitrary code and eventually control the target system.
06/03/2022
Contrast Security Adds Free Code-Scanning Tool
Contrast Security this week made available a free security tool that enables developers to scan their code using the same core engine used by the cybersecurity team within their organization.
06/02/2022
Contrast Security announces new free code scanning tool
Contrast Security, the code security company that enables developers to secure while they code, today unveiled a new code scanning tool, CodeSec by Contrast Security.
06/02/2022
CodeSec by Contrast Security Launched at No Cost to Developers
Contrast Security announced the launch of CodeSec by Contrast Security (CodeSec), an easy to use, self-service, enterprise-tested application security solution available to all developers at no cost.
05/11/2022
7 top software supply chain security tools
As the fallout from the Apache Log4J vulnerabilities earlier this year shows, the biggest risks in enterprise software today are not necessarily with insecure code written directly by in-house software development teams.