Oracle released their latest Critical Patch Update (CPU), containing 144 new security fixes across all product families, including 36 for Java SE.
Google have announced general availability of their Cloud SQL service. At launch the service comes with automatic encryption of customer data, a 99.95% uptime SLA and support for databases up to 500GB in size.
Facebook has open sourced Conceal, a set of Java APIs for file encryption and authentication on Android. Conceal uses a subset of OpenSSL’s algorithms and predefined options in order to keep the library smaller; it is currently 85KB.
In December 2013, Intel announced its plans to push its latest Intel XDK NEW to the mainstream by making it the official Intel XDK version and inviting all developers to migrate from the previous one by the end of February 2014. Let's look at what Intel XDK is and what is new in its latest release.
The recent Snowden revelations have impacted the IETF HTTP/2 Working Group and the question of how the protocol should handle encryption, i.e., should it be mandated? Mark Nottingham, the Working Group chair, shares his thoughts on the discussions so far and gives a clue as to how he sees it being resolved given the information so far. He concludes by asking anyone with an opinion to share it with the Working Group.
It's one thing to have an in-house training program, but there is a certain deeper insight that can be gained from attending a QCon conference in person, which may be one reason why attendance at the globe-hopping event continues to grow.
Agile suggests that teams should fail fast to enable quick learning from mistakes. Learning from failure is one approach; you can also learn early and fast from successes, by doing experimentation, or by using a plan for knowledge acquisition.
With the introduction of Android 4.4, developers are being asked to change the way symmetric keys are generated from Unicode passphrases via the SecretKeyFactory.
Mirage OS is a ‘cloud operating system’ that seeks to avoid security vulnerabilities and bloat by facilitating the creation of single purpose virtual appliances. Applications are developed in the OCaml functional programming language and compiled into standalone ‘unikernels’ that run directly on the Xen hypervisor.
Mozilla Firefox 26 now blocks all Java plug-ins by default due to security concerns but allows users to run such plug-ins if they want to.
Amazon announced a number of new services at the recent re:Invent conference in Las Vegas: Amazon WorkSpaces - Desktop Computing in the Cloud, Identity and Access Management using SAML, Amazon AppStream - Delivering Streaming Applications from the Cloud, Amazon Kinesis - Streaming Big Data, CloudTrail - Capturing AWS API Activity, Postgres support in RDS and new EC2 instance types.
James Wickett, from the Gauntlt core team, gave a tutorial at Velocity Conf London about integrating security testing into the continuous integration cycle for early feedback on the application's security level. James stressed the importance of regularly checking for security as release delivery rates increase with continuous delivery.
Following recommendations by the US National Institute of Standards and Technology, Microsoft intends to stop honoring SHA1 for SSL and Code Signing certificates. This policy will begin in 2017 and applies to Windows Vista, Windows Server 2008, and later operating systems.
Enterprises that are adopting agile organization-wide will at some time have to scale their agile practices. In a session at the Agile Methods in the Finance Sector and Complex Environment conference, attendees shared their experiences with scaling agile in enterprises.
To enable development of secure products, processes covering the software development life cycle have to include security activities. Winfried Russwurm from Siemens and Peter Panholzer from Limes Security facilitated a workshop at the SEPG Europe 2013 conference where they explored security activities and presented the Application Guide for Improving Processes for Secure Products.