Security Content on InfoQ
-
Regionally-Scoped Google’s Cloud Armor Security Policies
Google announced the general availability of regionally-scoped security policies for Google Cloud Armor, Google's premier DDoS defense and Web Application Firewall (WAF) solution.
-
Custom GPTs from OpenAI May Leak Sensitive Information
After it was reported that OpenAI has started rolling out its new GPT Store, it was also discovered that some of the data custom GPTs are built on is easily exposed. Multiple groups have begun finding that the system has the potential to leak otherwise sensitive information.
-
Amazon Route 53 Resolver Introduces DNS over HTTPS Support for Enhanced Security and Compliance
AWS recently announced that Amazon Route 53 Resolver will support using the Domain Name System (DNS) over HTTPS (DoH) protocol for both inbound and outbound Resolver endpoints.
-
The Upsides and Downsides of Open Source Adoption
The benefits of open source projects include support for rapid innovation, the flexibility to customize and adapt tools, and transparency of the code, which can enhance security efforts. The downsides are that security by obscurity doesn’t apply, open source is potentially prone to abuse, and open source tools that are not backed by companies might have a lower level of maintainability.
-
GitLab Launches Browser-Based Dynamic Application Security Testing (DAST) Scan
GitLab has recently introduced a browser-based Dynamic Application Security Testing (DAST) feature in version 16.4 (or DAST 4.0.9). This development is part of GitLab's ongoing efforts to enhance browser-based DAST by integrating passive checks. The release includes active check-in capabilities.
-
Zoom Open-sources New Vulnerability Impact Scoring System VISS
Zoom Vulnerability Impact Scoring System, or VISS for short, aims to help organizations enforce security measures based on a new approach to vulnerability scoring that prioritizes actual demonstrated impact over theoretical security impact possibilities.
-
Seven Essential Tracks at QCon London 2024: GenAI, FinTech, Platform Engineering & More!
InfoQ’s international software development conference, QCon London, returns on April 8-10, 2024. The conference will feature 15 carefully curated tracks and 60 technical talks over 3 days.
-
eBPF Kubernetes Security Tool Tetragon Improves Performance and Stability
Isovalent has announced the 1.0 release of Cilium Tetragon, their eBPF-based Kubernetes security observability and runtime enforcement tool. Policies and filters can be applied directly via eBPF to monitor process execution, privilege escalations, and file and network activity.
-
GitHub Dependabot Gets Customizable Auto-Triage Rules to Reduce False Positives
After launching Dependabot's auto-dismiss policies a few months ago to reduce the number of false positive alerts, GitHub is now adding custom rules support for developers to define the criteria to auto-dismiss and reopen alerts.
-
Cloudflare One Data Protection Suite for Data Security across Web, Private, and SaaS Applications
Cloudflare recently announced its One Data Protection Suite, a unified set of advanced security solutions designed to protect data across every environment – web, private, and SaaS applications. The company states the suite is powered by Cloudflare’s Security Service Edge (SSE), allowing customers to streamline compliance in the cloud, mitigate data exposure and loss of source code.
-
AWS Launches AWS Private CA Connector for Active Directory
AWS recently launched the AWS Private Certificate Authority (CA) Connector for Active Directory (AD). It is a new feature that allows enterprises to use AWS Private CA as a drop-in replacement for self-managed enterprise certificate authorities without the need to deploy, patch, or update local agents or proxy servers.
-
Terraform Cloud Supports Ephemeral Workspaces in Public Beta
Ephemeral workspaces allow users to set timeouts to automatically destroy unused resources, reducing infrastructure costs and the effort required for manual resource clean-up. Ephemeral workspaces are now available in public beta on Terraform Cloud Plus.
-
OpenSSF New Manifesto Urges the Software Industry to Take Responsibility for Open Source Security
The Open Source Consumption Manifesto from OpenSSF aims to make the software industry more aware of its responsibility when it comes to ensuring the software supply chain remains secure and healthy.
-
A Ruthless Approach for Better Security by Identifying Key Risks and Ignoring Others
Risk management techniques can be used to decide which security and privacy aspects are important. You can simplify the risk impact calculations by identifying low, medium, high and critical losses, and by taking likelihoods from the industry to do likelihood calculations. This helps you to identify a few key risks, and ruthlessly ignore the rest.
-
Enhancing Security with Google Cloud's Service Account Key Expiry Feature
Google Cloud has recently introduced service account key expiry to address security challenges associated with long-lived service account keys. With this capability, the company states that “customers can now configure an Organization Policy at the organization, folder, and project level to limit the usable duration of new service account keys”.