Software providers everywhere are under attack by cyber threat actors. Whether it’s a ransomware, the latest zero-day exploit, or a highly sophisticated, well-resourced, and persistent supply chain like SUNBURST, our entire industry faces an increasingly treacherous threat landscape, and nearly every news day brings with it another wave of announcements and urgent system updates to be made.

JFrog Artifactory and JFrog Xray recently underwent a rigorous hardening process to earn accreditation for inclusion in the U.S. Department of Defense’s Iron Bank, a centralized repository of digitally-signed and hardened container images. In this blog post, we’re pulling back the curtain on the process, in order to share our insights and lessons learned with our customers and with the DevOps community at large.

Defending against security threats is a full-time job. The question is: Whose job is it? Our cybersecurity landscape is in constant flux, with more users having increased access to corporate data, assets, APIs, and other entry points into the organization.

In this blog, we will cover the various requirements you need to meet to achieve NIST 800-53 compliance, as well as how Sysdig Secure can help you continuously validate NIST 800-53 requirements for containers and Kubernetes. NIST 800-53 rev4 is deprecated since 23 September 2021 Read about the differences between versions down below →

As software applications grow in scale and complexity, the surface areas for security vulnerabilities and exploits grow with it. Modern development practices include large amounts of code reuse. First, in the form of language-specific standard libraries such as the C++ STL, the Golang standard library, and Microsoft.NET. Second, in the form of open-source libraries found on places like Github. Much of this code is built using other libraries, introducing a web of dependencies into modern software.

Internet-facing applications are some of the most targeted workloads by threat actors. Securing this type of application is a must in order to protect your network, but this task is more complex in Kubernetes than in traditional environments, and it poses some challenges. Not only are threats magnified in a Kubernetes environment, but internet-facing applications in Kubernetes are also more vulnerable than their counterparts in traditional environments.

Stop what you’re doing and make your passwords more secure! How, you ask? Read on to find out. It’s become very anecdotal when we speak about passwords for our online accounts and why these might matter. We all take this very lightly and assume that no one can guess or work out what our passwords are and thus we think no one will be able to access our most sensitive information be it online bank accounts, Amazon accounts, or your emails. We are wrong.

To release reasonably secure products, vendors must integrate software security processes throughout all stages of the software development lifecycle. That would include product architecture and design; implementation and verification; deployment and monitoring in the field; and back again to design to address the changing threat landscape, market needs, and product issues.

As you scale microservices adoption in your organization, the chances are high that you are managing multiple clusters, different environments, teams, providers, and different applications, each with its own set of requirements. As complexity increases, the question is: How do you scale policies without scaling complexity and the risk of your applications getting exposed?

Chatbots and Virtual Assistants (VAs) are becoming increasingly popular as businesses accommodate the diverse needs of the digital industry. These tools give companies, no matter how small, the ability to answer their audiences, provide assistance, and solve problems, driving traffic during off-hours and with minimal staff. As a result, chatbots are one of the most effective features you can add to your website. And yet, chatbots present a risk.