A software supply chain security startup led by a longtime Google Cloud engineer closed a Series B round to help protect more open-source software. Seattle-area Chainguard said it can secure approximately 80% of the open-source software existing customers run in their enterprise today.
Snyk purchased a Portuguese startup founded by SonarSource and European Parliament veterans to help developers contribute to code bases more quickly. The Boston-based developer security vendor said its buy of Porto-based Reviewpad will help developers secure pull requests.
In the latest "Proof of Concept," DXC Technology IT CISO and CyberEdBoard member Mike Baker and Chris Hughes, co-founder and CISO of Aquia, join ISMG editors to discuss benefits, challenges and misconceptions of adopting open-source software in modern code bases - plus best practices for securing them.
Maintainers of the widely used open-source command-line tool cURL and libcurl library that supports key network protocols said two upcoming vulnerabilities are set to be disclosed this week. One flaw is probably "the worst curl security flaw in a long time," said curl founder Daniel Stenberg.
Check Point Software will buy a SaaS security startup founded by former Armis leaders to anticipate and block threats from malicious applications. The deal will give clients a better understanding of the SaaS platforms - such as Office 365, Salesforce and GitHub - that power their business.
Multiple hackers are minting newer capabilities from an open-source information stealer to spawn new variants. The malware steals sensitive information such as corporate credentials, which are resold to other threat actors for attacks, including operations related to espionage or ransomware.
In today's evolving digital landscape, application security is crucial. That’s why it is increasingly important to normalize the use of two-factor authentication in the developer community to the point that it is "effectively ubiquitous," said John Swanson, director of security strategy at GitHub.
Third-party targeting by attackers has intensified due to the interconnectedness of the business world, enabling adversaries to exploit intermediaries for access. With the surge in cloud adoption, visibility in the cloud is paramount, advised Levi Gundert, chief security officer at Recorded Future.
Organizations engaged in software production often run their applications and services within cloud environments. CEO Ganesh Pai advocates the "shift-up" approach for enhanced cloud security, which focuses on operational visibility extending from software composition to production workloads.
In the latest "Proof of Concept," Mike Baker, VP/IT CISO at DXC Technology and a CyberEdBoard member, and Chris Hughes, co-founder and CISO at Aquia, join ISMG editors to explore the state of the software supply chain, MOVEit breaches and the role of SBOMs and transparency in software development.
A finalist in RSA Conference's prestigious Innovation Sandbox contest completed its first major funding round to extend its capabilities from code security to pipeline security. Endor Labs got $70 million to move beyond protecting open-source software and get into locking down the CI/CD pipeline.
The rapid pace of API development has created major risk for companies given the amount of data that's being exposed, said Salt Security CEO Roey Eliyahu. The security industry hasn't adapted quickly to address these problems since it's still used to relatively static APIs that were easy to guard.
A startup led by former AWS and Oracle AI executives completed a Series A funding round to strengthen security around ML systems and AI applications. Seattle-based Protect AI plans to use the $35 million investment to expand its AI Radar tool and research unique threats in the AI and ML landscape.
A surging Sonatype and Snyk joined stalwart Synopsys atop Forrester's software composition analysis rankings, while Mend.io tumbled from the leaders category. SCA historically didn't get as much attention as application security testing but that’s changing, said Forrester's Janet Worthington.
Synopsys stands head and shoulders above the competition in Gartner's application security testing rankings, with Snyk rising and HCL Software falling from the leaders category. Longtime app security players Veracode, Checkmarx and OpenText joined Synopsys and Snyk atop the Gartner Magic Quadrant.