As the threats to information security multiply and evolve each year, our colleague Kosae wasn’t at all surprised to witness the rapid growth of the cybersecurity market at the recent it-sa. In an era where cyber attacks are becoming more sophisticated and frequent, it’s clear that organizations are increasingly prioritizing security measures. This annual gathering showcased some of the latest advancements, strategies, and insights within the field.
How to renovate? Why and how you should use automated dependency updates in your software projects
The benefits of automated dependency updates are clear and compelling, yet many development teams face challenges in selecting the right tools. In this article, we offer practical tips to help you harness these tools effectively and unlock their full potential.
Big Blue Goes Cloud – A Closer Look at IBM Cloud
Following on from our series on the major EU cloud providers, this article looks at IBM, another cloud provider that may be suitable for highly regulated markets.
Scanning a microservice architecture with Veracode Collections
Facing the escalating number of reported Common Vulnerabilities and Exposures (CVEs), Veracode offers a solution providing comprehensive tools for detection and remediation of security vulnerabilities. The article further delves into how Veracode Collections contributes to overcoming limitations in traditional scanning approaches, allowing a more efficient and customized security review of complex microservice architectures.
Implementing a real-world scenario to handle Supply Chain Security
Supply Chain Security is an important topic. We have seen this with major security issues that received a lot of media attention, such as the Log4j vulnerability commonly known as "Log4Shell" and, just recently, the attack on liblzma, which was given a 10.0 score on the CVE, which is the...
Zero-Trust-Architecture based on Anthos Service Mesh
A deep dive into the topic of zero-trust architecture, with a look at the history of zero-trust, an implementation example, and the questions and challenges that arose during its implementation.
How to kick-start your Tools-Comparison Radar
This year we made a comparison of different tools. Our author Markus describes how we proceeded with the evaluation and what our takeaways were.
Open Source Tools for Software Supply Chain Security
In this article, we show how you can improve the security of your software supply chain without spending money on software licenses. To that end, we present useful open-source tools for automated dependency updates, vulnerability scanning of dependencies, license scanning, SBOM generation, secret detection, and scanning of infrastructure as code for vulnerabilities and misconfiguration.
Software Supply Chain Security with Google Software Delivery Shield
Our authors Pascal and Bastian investigated the Google Software Delivery Shield, which is Google’s fully managed solution for software supply chain security. In this article, they describe how software supply chain security can be achieved during the different steps of the software development lifecycle with the Google Software Delivery Shield.
Introduction to Software Supply Chain Security
Our author Daniel gives an introduction to Software Supply Chain Security in software development processes and highlights its importance. The article stresses how neglecting security in the software development process can lead to successful attacks, compromising users' data and systems. It also provides tips on achieving Software Supply Chain Security, including scanning for vulnerabilities, updating dependencies, and secret detection.