November, 2023

Where to Start With Secure Design – Tips for Developers

DevOps.com

Designing secure software is an increasingly hot topic, and for good reason. In recent weeks, we’ve seen a global effort from governments and cybersecurity agencies to encourage security by design through new guidance and changes to procurement rules.

50 Shades of Vulnerabilities: Uncovering Flaws in Open-Source Vulnerability Disclosures

Aqua Security

Aqua Nautilus researchers evaluated the vulnerability disclosure process for tens of thousands of open-source projects and found flaws in the process. These flaws allowed harvesting the vulnerabilities before they were patched and announced. This could enable attackers to exploit security holes before the project's users are alerted.

Trending Sources

Neurodiversity and invisible disabilities in Agile

Agile Alliance

Shedding light on the significance of accommodating neurodiversity and providing practical tips for creating an inclusive and effective Agile team. The post Neurodiversity and invisible disabilities in Agile first appeared on Agile Alliance.

Agile 297

Elon Musk says X will show headlines on the platform again

TechCrunch

Elon Musk said that X, formerly Twitter, will start showing headlines in preview cards with URLs on the platform again after removing titles last month. In a post on X, Musk said in an upcoming update, the company will overlay the title in the upper portion of the image of a URL Card. He didn’t […] © 2023 TechCrunch. All rights reserved.

Company 363

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

10 cloud strategy questions every IT leader must answer

CIO

It’s no longer a question of whether organizations are moving to the cloud but rather how well it’s going. Cloud isn’t that shiny new object in the distance, full of possibility. It’s come down to earth — sometimes with an unexpected thud onto the wrong side of a company’s balance sheet. “There are so many people who bought into cloud without thinking through the real reasons why they were doing this and what they wanted to accomplish,” says David Mitchell Smith, distinguished vice president and

Strategy 358

More Trending

Overloaded at Work: How to Ask For the Support You Need

Let's Grow Leaders

What to say next when you’re overloaded at work (without sounding whiny) Ever found yourself cackling at the monstrous to-do list glaring back at you, thinking “Right, that’s not happening,” only to gulp back a sob as you realize none of it’s optional? You’re overloaded at work. Stuck in a world where productivity meets panic and trying to be a ‘team player’ feels like a conspiracy against your sanity.

How To 240

Introducing Netlify Blobs Beta

Netlify

At Netlify, we’re committed to building strong platform primitives that empower developers to do their best work and achieve more with less. We’re excited to announce Netlify Blobs, a general purpose data store built natively into the Netlify Composable Web Platform (CWP).

Data 144

Octoverse: The state of open source and rise of AI in 2023

Github

What does it mean for a new technology to go mainstream? First released in 2005, Git was still a new open source version control system when we founded GitHub. Today, Git is a foundational element of the modern developer experience—93% of developers use it to build and deploy software everywhere. In 2023, GitHub data highlighted how another technology has quickly begun to reshape the developer experience: AI.

Ransomware ‘catastrophe’ at Fidelity National Financial causes panic with homeowners and buyers

TechCrunch

Last Tuesday, Fidelity National Financial, or FNF, a real estate services company that bills itself as the “leading provider of title insurance and escrow services, and North America’s largest title insurance company,” announced that it had experienced a cyberattack. Since then, homeowners who have mortgages and prospective buyers who are purchasing properties with FNF or […] © 2023 TechCrunch.

Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

10 digital transformation roadblocks — and 5 tips for overcoming them

CIO

In today’s fast-paced business world, companies are striving to harness the power of digital technologies to reinvent their operations, enhance customer experiences, drive innovation, and thereby create value for stakeholders. But the hard truth is that many digital initiatives fail to deliver results. Transformation efforts can be derailed for any number of reasons, but there are several common themes as to why digital initiatives fall short — and most revolve around leadership.

All the Small Things: Azure CLI Leakage and Problematic Usage Patterns

Prisma Cloud

At the beginning of July 2023, I took a stroll around the azure/login GitHub Action repository. Looking through the repository’s issues section, I immediately noticed issue number 315. The issue was titled “SECURITY: Azure/login in some cases leaks Azure Application Variables to the GitHub build log”. And don’t you just love when things leak stuff?

Azure 143

The Ticking Supply Chain Attack Bomb of Exposed Kubernetes Secrets

Aqua Security

Exposed Kubernetes secrets pose a critical threat of supply chain attack. Aqua Nautilus researchers found that the exposed Kubernetes secrets of hundreds of organizations and open-source projects allow access to sensitive environments in the Software Development Life Cycle (SDLC) and open a severe supply chain attack threat. Among the companies were SAP’s Artifacts management system with over 95 million, two top blockchain companies, and various other Fortune 500 companies.

SDLC 141

The Rise of the Meta City

Harvard Business Review

New York and Miami, Dubai and Cairo, the Bay Area and Austin. Pandemic-era migrations have created strong new connections between cities — and companies need to update their location strategy to keep up.

Strategy 139

The Big Payoff of Application Analytics

Outdated or absent analytics won’t cut it in today’s data-driven applications – not for your end users, your development team, or your business. That’s what drove the five companies in this e-book to change their approach to analytics. Download this e-book to learn about the unique problems each company faced and how they achieved huge returns beyond expectation by embedding analytics into applications.

XSIAM 2.0: Continuing to Drive SOC Transformation

Palo Alto Networks

The Challenges of Today’s SOC: Security teams have an important and difficult job – protecting their organizations from a threat landscape that is constantly changing. Based on investigations conducted by our Unit 42 team, we know that threat actors are carrying out end-to-end attacks faster, from initial compromise, all the way to data exfiltration in just a matter of hours.

Policies 128

Sam Altman ousted as OpenAI’s CEO

TechCrunch

Sam Altman has been fired from OpenAI, Inc., the 501(c)(3) nonprofit that acts as the governing body for OpenAI, the AI startup behind ChatGPT, DALL-E 3, GPT-4 and other highly capable generative AI systems. He’ll both leave the company’s board of directors and step down as CEO.

ChatGPT 364

Breaking down data silos for digital success

CIO

For years, IT and business leaders have been talking about breaking down the data silos that exist within their organizations. Given the importance of sharing information among diverse disciplines in the era of digital transformation, this concept is arguably as important as ever. In fact, as companies undertake digital transformations, usually the data transformation comes first, and doing so often begins with breaking down data — and political — silos in various corners of the enterprise.

Data 352

A Deep Dive Into Sending With librdkafka

Confluent

Learn how to write code that produces messages via librdkafka, how it will behave during error situations, and how your application should detect and respond to them.

Revolutionizing Contact Centers: Next-Gen Tech for Enhanced CX

Speaker: Liran Meir Frenkel, Performance Management and RPA Sr Product Marketing Manager at NICE; Harpreet Makan, Practice Director at Everest Group; & Santhosh Kumar, Practice Director at Everest Group

As contact centers navigate the challenges of delivering excellence within budget constraints and adapting to evolving employee expectations, optimizing agent tasks becomes crucial. Discover a holistic approach across three pillars - people, process, and technology - that is essential to excel in this dynamic landscape, and explore how next-gen technologies such as generative AI, performance analytics, and process intelligence play a pivotal role in transforming contact centers into advanced CX

Looney Tunables Vulnerability Exploited by Kinsing

Aqua Security

Researchers from Aqua Nautilus have successfully intercepted Kinsing's experimental incursions into cloud environments. Utilizing a rudimentary yet typical PHPUnit vulnerability exploit attack, a component of Kinsing's ongoing campaign, we have uncovered the threat actor's manual efforts to manipulate the Looney Tunables vulnerability (CVE-2023-4911).

Cloud 142

How Leaders Can Create a Purpose-Driven Culture

Harvard Business Review

Companies are increasingly emphasizing a corporate purpose beyond mere profitability. The success of this integration largely hinges on organizational culture. Leaders, spanning all tiers, need to genuinely exemplify and articulate the company’s values, as demonstrated by companies like Netflix and LUSH. It’s vital for employees to perceive their daily roles as contributing to this larger purpose, with firms like Atlassian and Cisco offering noteworthy models.

Culture 140

How to Navigate App Modernization Strategies for the Cloud

DevOps.com

In today’s fast-paced digital landscape, organizations continuously seek ways to innovate and enhance customer experiences while optimizing efficiency. One of the most transformative strategies is modernizing applications for the cloud. App modernization isn’t just a technology upgrade. It’s a holistic business transformation.

Strategy 123

Sam Altman to return as OpenAI CEO

TechCrunch

Sam Altman is returning to OpenAI as its chief executive, the high-profile AI startup said Wednesday, capping an intense five days of discussions, debates and convincing following the sudden dismissal of Altman last week from the startup he co-founded. OpenAI, which is the most valuable U.S. startup, said it has reached an “agreement in principle” […] © 2023 TechCrunch.

361

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Your biggest barriers to digital transformation aren’t technical…they’re cultural

CIO

As an infrastructure and security practitioner with nearly 30 years of experience, I’ve witnessed periods of rapid change in the technology landscape. However, I have seen a lot of things stay practically the same. Historically, our jobs as infrastructure and security professionals have involved installing the “plumbing” that ensures organizations remain connected through traditional networking and security practices.

ApatchMe - Authenticated Stored XSS Vulnerability in AWS and GCP Apache Airflow Services

Tenable

Unpatched Apache Airflow instances used in Amazon Web Services (AWS) and Google Cloud Platform (GCP) allow an exploitable stored XSS through the task instance details page. Managed services for Apache Airflow in AWS (Amazon Managed Workflows for Apache Airflow) and GCP (Google Cloud Composer) provide scalable and secure orchestration of data workflows using Apache Airflow — an open-source platform to programmatically author, schedule and monitor workflows.

November 2023 Patch Tuesday

Ivanti

November 2023 Patch Tuesday has arrived and has a lower overall CVE count than previous months, but includes some urgent fixes that organizations will want to take note of. This month is also the first patch cycle for Server 2012 and 2012 R2 extended support (ESU). On the third-party side, Adobe has released updates and an update from Google Chrome Stable Channel has been updated.

Windows 121

How to Self-Promote — Without Sounding Self-Centered

Harvard Business Review

Promoting your own accomplishments can feel uncomfortable, and poses a dilemma: It can make you appear more confident and capable, but can also make you seem less warm, less friendly, and more selfish. On the other hand, self-deprecation or deflecting credit, may make you seem approachable but it diminishes your competency. New research, based on a series of 11 studies, suggests that dual promotion — in which you compliment a colleague or peer while talking about your own accomplishments — can b

How To 136

Use Cases for Apache Cassandra®

There’s a good reason why Apache Cassandra® is quickly becoming the NoSQL database of choice for organizations of all stripes. In this white paper, discover the key use cases that make Cassandra® such a compelling open source software – and learn the important pitfalls to avoid. From understanding its distributed architecture to unlocking its incredible power for industries like healthcare, finance, retail and more, experience how Cassandra® can transform your entire data operations.

Scanning KBOM for Vulnerabilities with Trivy

Aqua Security

Early this summer we announced the release of Kubernetes Bills of Material (KBOM) as part of Trivy, our all in one, popular open source security scanner. In the blog we discussed how KBOM is the manifest of all the important components that make up your Kubernetes cluster: Control plane components, Node Components, and Addons, including their versions and images.

Okta admits hackers accessed data on all customers during recent breach

TechCrunch

U.S. access and identity management giant Okta says hackers stole data about all of its customers during a recent breach of its support systems, despite previously stating that only a fraction of customers were affected. Okta confirmed in October that a hacker used a stolen credential to access its support case management system and steal […] © 2023 TechCrunch.

Data 354

Low-code: An Accelerator for Digital Transformation

CIO

Digital transformation is expected to be the top strategic priority for businesses of all sizes and industries, yet organisations find the transformation journey challenging due to digital skill gap, tight budget, or technology resource shortages. Amidst these challenges, organisations turn to low-code to remain competitive and agile. Taking the programmer out of software development, low-code provides tools that enable people with minimal training and coding skills to create and adapt applicati