Robert Scherrer, head of application engineering at SIX, on how the company leveraged DevOps principles and benefits in the highly regulated Swiss financial industry. Engaging with compliance auditors to collaboratively agree on solutions early before it's too costly to change and avoiding legacy internal directives (not actually required by external regulations) are the main takeaways.
Microsoft launched Azure Information Protection (AIP) in early June 2016. The service aims to enable easy classification of documents both for security and taxonomy.
Supply chain management can raise the bar with continuous development, argues Joshua Corman, Director of the Cyber Statecraft Initiative and co-founder of Rugged Software. Our dependence on IT and software is growing faster than our ability to secure it, and applying supply chain approaches to software development helps to address complexity which reduces risks and increases quality.
The release of GitLab 8.9 brings a file locking, a refreshed UI, and hardware-based two-factor authentication. Teaming up with Yubico, developers can now use a hardware YubiKey to automatically authenticate a GitLab session without having to type in a 6-digit TOTP code. In addition, file locking will keep binary assets from getting destroyed during a merge.
On June 15th, Microsoft announced their vision for an open blockchain platform which will be powered by Azure. Microsoft is calling this initiative Project Bletchley, which focuses on providing the architectural building blocks for constructing an Enterprise Consortium Blockchain Ecosystem.
As mobile applications increase in popularity and as more transactions are carried out via mobile devices, security is a topic of growing concern. In his talk "Modern iOS Application Security" at QCon New York 2016, Dan Guido takes a closer look at iOS security. While Apple already provides the means to create highly secured applications, there are still threads that may render them useless.
Being a Java Champion has its perks, and thanks to the generosity of JetBrains, a free license for IntelliJ IDEA is now one of them. The Champions are the latest in the list of groups earning this special JetBrains premium, which also includes approved open source projects, students, and teachers.
Docker Inc have announced general availability of Docker Security Scanning, which was previously known as Project Nautilus. The release comes alongside an update to the CIS Docker Security Benchmark to bring it in line with Docker 1.11.0, and an updated Docker Bench tool for checking that host and daemon configuration match security benchmark recommendations.
GitLab has just announced a fix for a number of important security fixes, including a critical privilege escalation, and strongly recommends that all GitLab installations from version 8.2 onwards be upgraded immediately. InfoQ has spoken with GitLab’s Stan Hu, VP of Engineering.
Last week saw the first DevOps Days conference catering specifically to the enterprise world, in London. Talks ranged from re-thinking (traditional) management processes in a technology-disrupted world to facts and drivers of DevOps adoption by early adopters. The idea of bi-modal IT was also discussed throughout the conference, as well as need for better security and opinionated platforms.
In July 2013 Security Explorations discovered a vulnerability in Java by which attackers could elevate their access privileges. Oracle released a patch, but a simple modification was discovered that still makes the attack effective. Once known, Oracle released a patch as part of 8u77. In this article we investigate the little understood class loading process at the heart of the problem.
This article presents a review of the first day at the O'Reilly Software Architecture conference, held in New York City 12-13th April. Sessions summarised include, ‘blah, blah... microservices...blah, blah’, ‘the evolution of evolutionary architecture’, ‘Death Star Security’, ‘Twelve Patterns for Hypermedia Architecture’, ‘Architecture Without an End State’ and 'Leading Simplicity'.
Capital One launched the DevExchange Beta developer site and initial API offering last month.
While most of the attention is on .NET Core, work continues on the original .NET Framework. Recently released as a preview, version 4.6.2 is primarily focused on security and WinForms/WPF related features.
Microsoft recently announced an expansion of their Azure regions world-wide. The number of regions announced now sits at 30, with 22 being generally available (GA). The most recent wave, of Azure regions, focuses on trusted environments for government customers or regions with specific privacy needs.
CONTENT IN THIS BOX
PROVIDED BY OUR SPONSOR
Increase security on compromised platforms with Intel® SGX.
An Intel technology for application developers who are seeking to protect select code and data from disclosure or modification.
A Developer’s Perspective.
Developers have long been constrained by the security capabilities that major platform providers have exposed for application development. How Bromium and wolfSSL employ Intel® SGX to create more secure, next-generation solutions.
Learn more about the Intel SGX SDK, a collection of APIs, libraries, documentation, sample source code, and tools that allows software developers to create and debug Intel SGX enabled applications in C/C++.
Protect Application Code, Data, & Secrets from Attack.
Developers can partition their application into CPU hardened “enclaves” or protected areas of execution that increase security even on compromised platforms.
Intel Software Guard Extensions (SGX) for Dummies.
At its root, Intel® SGX is a set of new CPU instructions that can be used by applications to set aside private regions of code and data.