Security | News, how-tos, features, reviews, and videos
A new group of maintainers is proceeding with an ‘official’ version of the Faker JavaScript library after the previous maintainer went rogue.
After acquiring NeuVector last year, Suse wasted no time in open sourcing the ‘full lifecycle’ container security platform for all Kubernetes users.
Strengthening the software supply chain must be priority No. 1 in the new year. Here are three areas to focus on.
A single answer to technical questions, cheaper security, and skills on demand are the biggest items on the 2022 wish lists.
Why you may already be at risk, how to detect and mitigate the Log4j vulnerabilities now, and how to improve your code security in the future.
In the aftermath of Log4Shell, generating software bills of materials and quickly accessing their information will be critical to addressing the new realities of software supply chain vulnerabilities and attacks.
A group of developers and maintainers scrambled to secure the Log4j vulnerability over the weekend, but there is still a lot of work to do to clean up the mess.
Microsoft’s Ratify proposal adds a verification workflow to Kubernetes container deployment.
A bug in the ubiquitous Log4j library can allow an attacker to execute arbitrary code on any system that uses Log4j to write logs. Does yours?
Open source Trivy plugs into the software build process and scans container images and infrastructure-as-code files for vulnerabilities and misconfigurations.