With the introduction of Android 4.4, developers are being asked to change the way symmetric keys are generated from Unicode passphrases via the SecretKeyFactory.
Mirage OS is a ‘cloud operating system’ that seeks to avoid security vulnerabilities and bloat by facilitating the creation of single purpose virtual appliances. Applications are developed in the OCaml functional programming language and compiled into standalone ‘unikernels’ that run directly on the Xen hypervisor.
Mozilla Firefox 26 now blocks all Java plug-ins by default due to security concerns but allows users to run such plug-ins if they want to.
Amazon announced a number of new services at the recent re:invent conference in Las Vegas: Amazon WorkSpaces - Desktop Computing in the Cloud, Identity and Access Management using SAML, Amazon AppStream - Delivering Streaming Applications from the Cloud, Amazon Kinesis - Streaming Big Data, CloudTrail - Capturing AWS API Activity, Postgres support in RDS and new EC2 instance types
James Wickett, from Gauntlt core team, gave a tutorial at Velocity Conf London about integrating security testing in the continuous integration cycle for early feedback on application security level. James stressed the importance of regularly checking for security as release delivery rates increase with continuous delivery.
Following recommendations by the US National Institute of Standards and Technology, Microsoft intends to stop honoring SHA1 for SSL and Code Signing certificates. This policy will begin in 2017 and applies to Windows Vista, Windows Server 2008, and later operating systems.
Enterprises that are adopting agile organizational-wide will at some time have to scale their agile practices. In a session at the Agile Methods in the Finance Sector and Complex Environment conference, attendees shared their experiences with scaling agile in enterprises.
To enable development of secure products, processes covering the software development life cycle have to include security activities. Winfried Russwurm from Siemens and Peter Panholzer from Limes Security facilitated a workshop at the SEPG Europe 2013 conference where they explored security activities and presented the Application Guide for Improving Processes for Secure Products.
Apigee Edge now supports Node.js and has open sourced Volos, a project containing a set of API management modules.
Last week, Oracle released a Critical Patch Update, which included 127 new security fixes for the Oracle ecosystem of products, including Java SE, amongst others. There were 51 critical security fixes for Java, which affects both client and server deployments.
The recently released Visual Studio 2013 includes new project templates with several improvements which enables developers to build projects and applications faster.
With all of the recent concern over the US government’s National Security Agency (NSA) some of the attention has turn to the possibility of backdoors. Back in 2003 someone attempted to insert a backdoor into the Linux kernel. Though caught, it illustrates how seemingly innocuous changes can introduce vulnerabilities and the importance of tractability in source control.
Jérôme Petazzoni, senior engineer at dotCloud, examined the progress of security concerning Docker compared with other virtualization and container like technology in his recent blog post "CONTAINERS & DOCKER: HOW SECURE ARE THEY?". Jérôme makes a case for the techniques that secure Docker, in spite of the acknowledgement that improvements are needed.
Projects and product development is one long series of difficult decisions, says Pascal Van Cauwenberghe. Real Options can help you to take the right decision at the right time, even under difficult circumstances. At the Agile Tour Brussels conference, Pascal presented stories of his experiences with using real options in decision taking.
Visual Studio 2013 Developer Preview ships with ASP.NET MVC 5 which enables developers to apply authentication filters that provides an ability to authenticate users using various third party vendors or a custom authentication provider. Eric Vogel recently demonstrated its usage with an example using source codes.