InfoQ Homepage Security Content on InfoQ
-
Microsoft Launches Trusted Signing in Public Preview: an End-to-End Signing Solution for Developers
Microsoft recently launched Trusted Signing in Public Preview, a fully-managed end-to-end signing solution for developers backed by a Microsoft-managed certification authority.
-
Understanding Email Threats with Cloudflare Radar
Cloudflare recently announced the launch of a new Email Security section on Cloudflare Radar. This section will provide insights into the current state of email security. The new metrics offer real-time visibility into email-borne threats, allowing organizations to correlate trends within their environment with broader security observations from Cloudflare.
-
SSH Backdoor from Compromised XZ Utils Library
When Microsoft engineer Andres Freund noticed SSH was taking longer than usual, he discovered a backdoor in xz utils, one of the underlying libraries for systemd, that had taken years to be put in place. The backdoor had found its way into testing releases of Linux distributions like Debian Sid, Fedora 41 and Fedora Rawhide but was caught before propagating into more highly used stable releases.
-
Application Security Optimised for Engineering Productivity
Laura Bell Main presented a webinar on 2024 trends in application security. She called out a shift from siloed DevSecOps initiatives to building an understanding of dev friction, and presenting solutions which optimise engineering productivity. Nikki Robinson also recently spoke about the importance of taking a developer experience targeted approach to security platform engineering.
-
Shadow API Detection for Google Cloud Environments in Preview
During Google Cloud Next, Google announced the preview release of shadow API detection in Advanced API Security, part of the Apigee API Management solution. This managed API Broker service in the Google Cloud allows users to design, secure, deploy, monitor, and analyze APIs.
-
Borderless Cloud at QCon London: Q&A with Adora Nwodo
At QCon London, Adora Nkowno, senior software engineer at NexaScale, discussed the complexities of seamlessly integrating multiple clouds into application architecture, deployment processes, and CI/CD pipelines. Her session was part of the Cloud-Native Engineering track on the first day of the conference, and InfoQ did an interview.
-
Azure API Management Basic V2 and Standard V2 GA: Enhancing Scalability, Security, and Networking
Microsoft recently announced the general availability of new pricing tiers for Azure API Management, Basic v2, and Standard v2. It offers scalability and flexibility to support various development projects, from small to enterprise-level applications.
-
Efficient DevSecOps Workflows with a Little Help from AI: Q&A with Michael Friedrich
At QCon London, Michael Friedrich, senior developer advocate at GitLab, discussed how AI can help in DevSecOps workflows. His session was part of the Cloud-Native Engineering track on the first day of the conference. InfoQ interviewed Friedrich after the session.
-
Will C++ Become a Safe Language Like Rust and Others?
In a recent article, C++ expert and ISO C++ Committee Chair Herb Sutter expressed his views about what it takes to make C++ a safe language in the guise of Rust and other memory-safe languages (MSLs). His recipes include relying on tooling, as is the case with other MSLs, promoting safe language features, pushing unsafe features behind compiler flags, and more.
-
Microsoft AI-Driven Security Tool Copilot for Security is Now GA
Microsoft recently announced the general availability of Copilot for Security, a generative Artificial Intelligence (AI) security product designed to help security and IT teams with the capabilities to protect their digital assets.
-
ASP.NET Core Updates in .NET 9 Preview 2: Blazor, OIDC, OAuth and Configuring HTTP.sys
Microsoft released .NET 9 Preview 2 which contains some updates regarding ASP.NET Core: Blazor component constructor injection, and WebSocket compression for Blazor interactive server components. Furthermore, developers can streamline authentication integration by customising OIDC and OAuth parameters and configuring HTTP.sys extended authentication flags.
-
Google Cloud Launches Security Command Center Enterprise
Google Cloud has launched Security Command Center (SSC) Enterprise, a cloud risk management solution that offers proactive cloud security with enterprise security operations. The solution helps customers manage and mitigate risk across multi-cloud environments and is enhanced by Mandiant expertise.
-
Falco, Cloud-Native Security Tool for Kubernetes, Graduates from CNCF
CNCF announced the graduation of Falco, a tool designed for Linux systems and a de facto Kubernetes threat-detection engine. The project successfully met all graduation requirements, including undergoing the due diligence process, completing a third-party security audit, and obtaining the software licensing approvals.
-
Enhanced Protection for Large Language Models (LLMs) against Cyber Threats with Cloudflare for AI
Cloudflare recently announced a new capability called Firewall for AI in its Web Application Firewall (WAF) offering. The capability adds a new layer of protection that will identify abuse and attacks before they reach and tamper with Large Language Models (LLMs).
-
GUAC Joins OpenSSF as Incubating Project
The Graph for Understanding Artifact Composition (GUAC) has joined the Open Source Security Foundation (OpenSSF) as an incubating project. GUAC provides a tool and underlying API to analyse and visualise software bill of materials (SBOM) along with threat intelligence feeds to determine whether vulnerabilities impact an application.