Securing an application is just as important as building it in the first place. As data becomes more valuable, there are more people who want to steal it and use it for their own personal gain.
Making sure applications are indeed secure has always been a challenge, as hackers try to stay one step ahead of defenders. When organizations ran their applications in their own data centers, firewalls were an effective way of denying hackers access. The explosion of the Internet led to the creation of web applications, with entry points via the browser into client-side code that could endanger the organization.
Further, the increased speed of feature delivery in software stresses security teams trying to prevent hacks and data breaches. Today, with application modularity and edge computing increasing, along with the increased use of open-source software, that challenge has only become more difficult. Hackers now have more surface area to target than ever before. Here are the top threats organizations face as they work to secure their applications, data and systems.
IT and developers must work to ensure that their applications and systems are secure. On the development side, security touches nearly every step of the process, from planning through development to testing. The use of automation in security can help organizations stay one step ahead.
Open-source adoption is being accelerated by AI and automation, but developers need to proceed with caution to ensure they’re not introducing extra risk into their software supply chain. Brian Fox, co-founder and CTO of Sonatype, explained that AI can accelerate good engineering, but it can also scale mistakes faster, especially if it doesn’t have real-world …
Codenotary is adding new capabilities to its SBOM.sh service, which provides free analysis of software bills of materials (SBOMs). According to the company, the updates were made in consideration of AI applications, and the tool now treats datasets as software supply chain artifacts. “Traditional SBOM tools were built for an earlier era – focusing primarily …
Docker has announced that it is open sourcing its catalog of over 1,000 Docker Hardened Images (DHI), which are production-ready images maintained by Docker to reduce vulnerabilities in container images. Each image includes a complete software bill of materials (SBOM), transparent public CVE data, SLSA Build Level 3 provenance, and cryptographic proof of authenticity. Available …
As this year comes to a close, many experts have begun to look ahead to next year. Here are several predictions for how companies will manage security in 2026. Suja Viswesan, security software leader at IBM: Shadow agents will accelerate data exposure faster than we can detect it: As autonomous AI agents begin to operate …
A new malicious campaign linked to the Shai-Hulud worm is making its way throughout the npm ecosystem. According to findings from Wiz, over 25,000 npm packages have been compromised and over 350 users have been impacted. Shai-Hulud was a worm that infected the npm registry back in September, and now a new worm spelled as …
Doctors have to follow the Hippocratic Oath, swearing to do no harm to their patients. Developers ought to be following a similar oath, promising to do no harm to their codebase when implementing new features or making changes. Mitchell Johnson, chief product development officer at Sonatype, explored this concept and if it’s even still possible …
OX Security is shifting security as far left as it can go with the launch of VibeSec, which it says can stop insecure AI-generated code before the code even gets generated. It does this by embedding dynamic security context into the coding model so that it doesn’t suggest code that contains security issues. “VibeSec doesn’t …
Chainguard, a company that provides a repository of trusted container images, has announced the launch of a new collection of trusted builds for JavaScript dependencies. According to Chainguard, recent attacks against the JavaScript package manager npm have underscored the need for more secure mechanisms to consume JavaScript libraries. The company says that public registries do …
In response to the recent supply chain attack in the JavaScript package manager npm, GitHub has made a few changes that will enable stronger security. The attack on the npm ecosystem was caused by a worm, named Shai-Hulud, that infects and republishes other packages with its malware to spread it across the npm ecosystem. “By …
Digital.ai has created a new product that will make white-box cryptography accessible to all developers, not just cryptography experts. White-box cryptography is a technique that adds cryptographic protections directly into application code, making it hard for attackers to obtain secret information, like cryptographic keys. Digital.ai’s White-box Cryptography Agent provides access to a white-box cryptography library …
Android will soon require app developers to go through an identity verification process before their apps can be installed on users’ devices—regardless of whether the apps are downloaded through the Play Store or sideloaded. “Think of it like an ID check at the airport, which confirms a traveler’s identity but is separate from the security …
Tenable is updating its Vulnerability Priority Rating (VPR) method of scoring vulnerabilities to enable organizations to focus their efforts on the most critical and impactful vulnerabilities. According to the company, the Common Vulnerability Scoring System (CVSS), which is used by the CVE database, flags 60% of vulnerabilities as high or critical. When Tenable VPR was launched …