InfoQ Homepage Cloud Security Content on InfoQ
-
Google Cloud Adds New PCI DSS Policy Bundle to Anthos Config Management
Google has recently added Payment Card Industry Data Security Standard (PCI DSS) Policy bundle to Anthos Config Management (ACM). In its version 3.2.1, security administrators can now understand compliance with PCI DSS requirements using the Policy Controller Dashboard.
-
CloudNativeSecurityCon 2023: SBOMs, VEX, and Kubernetes
At CloudNativeSecrityCon 2023 in Seattle, WA, Kiran Kamity, founder and CEO of Deepfactor, led a panel discussion on software supply chain security, the practical side of SBOMs, and VEX.
-
Falco Project v0.34 Released: OSS Security Tool Adds Downloadable Rules and eBPF Probe
Falco, an open-source runtime security tool, recently announced their latest release version 0.34.0. Highlights of the latest release include support for older RHEL distros, the ability to download and update Falco rules at runtime, and the experimental release of a modern eBPF probe.
-
How Yahoo Secures Their Software Supply Chain at Scale: CloudNativeSecurityCon 2023
At CloudNativeSecrityCon 2023 in Seattle, WA, Hamil Kadakia and Yonghe Zhao, software engineers at Yahoo’s security team, presented on securing Software Supply Chain at Scale, and how to put together policies to safeguard against Supply Chain attacks.
-
Google Adds New Pricing Model to Its Security Command Center
Google recently announced several new updates to its Security Command Center (SCC) with a pay-as-you-go pricing model and two capabilities: deployments at the project level and self-service activation.
-
Software Supply Chain Framework OSC&R Created to Help Mitigate Security Threats
In collaboration with companies including Google, Microsoft, and GitLab, OX Security has released a security framework for assessing and evaluating software supply chain security risks. The Open Software Supply Chain Attack Reference (OSC&R) is a MITRE-like framework covering containers, open-source software, secrets hygiene, and CI/CD posture.
-
CloudNativeSecurityCon 2023: Identifying Suspicious Behaviors with eBPF
At CloudNativeSecrityCon 2023 in Seattle, WA, Jeremy Cowan and Wasiq Muhammad, both engineers at AWS, presented on identifying suspicious behaviors with eBPP, its use cases, and how AWS is using it for threat detection and protection.
-
Software Security Report Finds JavaScript Applications Have Fewer Flaws Than Java and .NET
Veracode's State of Software Security report for 2023 found that there is a 27% chance within a given month that security flaws will be introduced into an application. The report also found that JavaScript applications on average have fewer flaws and faster flaw resolution than Java and .NET applications.
-
AWS Patches Undocumented APIs Bypassing CloudTrail Event Logging
AWS recently patched undocumented IAM APIs that bypassed CloudTrail logging. The vulnerability allowed a malicious user to perform reconnaissance activities on IAM without recording events in CloudTrail or being detected by Amazon GuardDuty.
-
CNCF Kicks off CloudNativeSecurityCon NA 2023
The Cloud Native SecurityCon North America 2023 kicked off this week in Seattle. The first dedicated event focused on Cloud Native Security with over 800 attendees, 70 sessions, 50 sponsors, and vendors organized by the Cloud Native Computing Foundation (CNCF).
-
Slack's Lessons Learned from Supporting Highly Regulated Workloads on AWS GovCloud
Archie Gunasekara, staff software engineer at Slack, and Andrew Martin, staff software engineer at Slack, recently shared their learnings in building GovSlack, an instance of Slack running on the AWS GovCloud region. They shared challenges in adapting to unsupported services, account creation, and account isolation.
-
Google Boosts Sandboxed Container File System Performance by Improving gVisor
Google improved the file system implementation in gVisor, the open source isolation layer used in its commercial container-oriented offerings, such as App Engine, Cloud Run, and Cloud Functions. According to Google engineers Ayush Ranjan and Fabricio Voznika, the new gVisor file system, dubbed VFS2, may improve performance of file-intensive workloads by 50%-75% approximately.
-
Intel oneDAL Available in ML.NET
The first preview release of ML.NET 3.0, available since December, contains the integration with Intel oneAPI Data Analytics Library that leverages SIMD extensions on 64-bit architectures, which are available on Intel and AMD processors.
-
Kubernetes Report Finds Increase in Poorly Configured Workloads
Fairwinds, a provider of Kubernetes software, has released their Kubernetes Benchmark Report 2023. The report shows an overall trend of worsening configuration issues across the surveyed organizations. This includes increases in organizations running workloads allowing root access, workloads without memory limits set, and workloads impacted by image vulnerabilities.
-
Sigstore Releases Python Client
Sigstore has announced the 1.0 stable release of sigstore-python, a Python-based Sigstore-compatible client. The client provides a CLI as well as an importable Python API. It is able to sign and verify with any Sigstore-supported identity and has ambient identity detection for supported environments.