Google plans to limit the lifespan of digital certificates from a maximum of two years to just over one year, with the aim of reducing the window of opportunity for attackers to use fraudulent certificates to hijack HTTPS sites, according to a proposal it put forward last week. The policy change wou.. read more  

- Snyk has risen to the leader category in Gartner's latest application security testing ranking, while HCL Software has fallen to a challenger. - Synopsys still stands head and shoulders above the competition, emphasizing a strong execution ability, but Snyk's strong vision in cloud, containers, an.. read more  

CrowdStrike is set to roll out a generative AI assistant called Charlotte, which will answer users' questions about vulnerable systems and recommend actions in real-time based on an analysis of threat intelligence. The company has trained Charlotte on its own information security events, telemetry a.. read more  

GitHub announces the widely available application security testing tool for subscribers of Microsoft's Azure DevOps service - GitHub Advanced Security for Azure DevOps. The tool helps identify vulnerabilities and prevent exposure of secrets in Azure Repos while providing guidance to mitigate these i.. read more  

CrowdStrike's recent report reveals that the Labyrinth Chollima threat moved up in rank, with a significant increase in activity. The report also highlights a supply chain compromise involving malicious code in a softphone application. Defender preparation, detection, and response are key to reducin.. read more  

AWS KMS offers different options for key management; letting AWS manage the key is a common query, however. AWS offers three options for encryption: their own manage key (transparently), AWS key management with limited control or customer-managed key (CMK)... read more  

DevSecOps pipelines and golden paths secure the software delivery pipeline but not the entire development lifecycle. Monitoring production and implementing Governance Engineering can detect unauthorized changes, ensure compliance, and mitigate risks for a more secure DevOps environment... read more  

Penetration testers use GitHub repositories to find vulnerabilities in open source applications. They analyzed the pfSense repository to determine the version of the target application. They wrote scripts to retrieve directory contents and compare files across different versions, saving the results .. read more  

Ensuring network security: The importance of conducting a comprehensive network security risk assessment to safeguard against cyberattacks, address vulnerabilities, and build trust with stakeholders and customers... read more  

Discover how to choose the right vulnerability scanning product for your business and get started with vulnerability scanning... read more