GitHub Improves Vulnerability Workflows and Becomes CVE Numbering Authority

Source:- Along with Semmle acquisition, GitHub has disclosed a number of improvements aimed to make it easier for maintainers and developers to fix and protect against vulnerabilities. This includes the possibility of creating a security advisory and assigning it a CVE number directly from GitHub UI. As GitHub senior vice president Shanku Niyogi explains, when a project maintainer or anyone with admin privileges for a repository discovers a vulnerability, they can now create a draft security advisory, which provide a private area to

Read more

Security Strategies for DevOps, APIs, Containers and Microservices

Source – securityboulevard.com More and more IT professionals see DevSecOps, a practice which integrates security measures earlier in the development process to improve production code quality, as a mainstay for future application development. Much of this stems from the growing trend towards speeding up application development through adopting architectures using DevOps, containers and microservices, as well as supporting automation toolchains and frameworks. This trend presents an opportunity for cybercriminals, who are increasingly turning their attention to security gaps and vulnerabilities in

Read more