Experimental News Clipping Site

Tag: secure software development

  • Microsoft Security Blog: Microsoft’s Secure by Design journey: One year of success

    by

    Kurt Seifried
    in

    Source URL: https://www.microsoft.com/en-us/security/blog/2025/04/17/microsofts-secure-by-design-journey-one-year-of-success/ Source: Microsoft Security Blog Title: Microsoft’s Secure by Design journey: One year of success Feedly Summary: Read about the initiatives Microsoft has undertaken over the past 18 months to support secure by design, secure by default, and secure in operations objectives as part of our SFI Initiative. The post Microsoft’s Secure by…

  • Unit 42: OH-MY-DC: OIDC Misconfigurations in CI/CD

    by

    Kurt Seifried
    in

    Source URL: https://unit42.paloaltonetworks.com/oidc-misconfigurations-in-ci-cd/ Source: Unit 42 Title: OH-MY-DC: OIDC Misconfigurations in CI/CD Feedly Summary: We found three key attack vectors in OpenID Connect (OIDC) implementation and usage. Bad actors could exploit these to access restricted resources. The post OH-MY-DC: OIDC Misconfigurations in CI/CD appeared first on Unit 42. AI Summary and Description: Yes Summary: The…

  • The Register: Too many software supply chain defense bibles? Boffins distill advice

    by

    Kurt Seifried
    in

    Source URL: https://www.theregister.com/2025/03/20/software_supply_chain_defense/ Source: The Register Title: Too many software supply chain defense bibles? Boffins distill advice Feedly Summary: How to avoid another SolarWinds, Log4j, and XZ Utils situation Organizations concerned about software supply chain attacks should focus on role-based access control, system monitoring, and boundary protection, according to a new preprint paper on the…

  • Hacker News: Constant-time coding will soon become infeasible

    by

    Kurt Seifried
    in

    Source URL: https://eprint.iacr.org/2025/435 Source: Hacker News Title: Constant-time coding will soon become infeasible Feedly Summary: Comments AI Summary and Description: Yes Summary: This paper discusses the challenges and shortcomings associated with writing secure cryptographic software that is free from timing-based side-channels. It presents a pessimistic view on the feasibility of constant-time coding, suggesting that failures…

  • Cloud Blog: Cloud CISO Perspectives: New AI, cybercrime reports underscore need for security best practices

    by

    Kurt Seifried
    in

    Source URL: https://cloud.google.com/blog/products/identity-security/cloud-ciso-perspectives-new-ai-cybercrime-reports-underscore-need-security-best-practices/ Source: Cloud Blog Title: Cloud CISO Perspectives: New AI, cybercrime reports underscore need for security best practices Feedly Summary: Welcome to the first Cloud CISO Perspectives for February 2025. Stephanie Kiel, our head of cloud security policy, government affairs and public policy, discusses two parallel and important security conversations she had at…

  • Hacker News: Microsoft Go 1.24 FIPS changes

    by

    Kurt Seifried
    in

    Source URL: https://devblogs.microsoft.com/go/go-1-24-fips-update/ Source: Hacker News Title: Microsoft Go 1.24 FIPS changes Feedly Summary: Comments AI Summary and Description: Yes Summary: The text discusses the advancements in Go 1.24’s cryptography packages towards achieving FIPS 140-3 compliance, emphasizing significant changes that enhance security for developers using Go. Key improvements include native support for FIPS-compliant libraries, streamlined…

  • Anchore: 2025 Cybersecurity Executive Order Requires Up Leveled Software Supply Chain Security

    by

    Kurt Seifried
    in

    Source URL: https://anchore.com/blog/2025-cybersecurity-executive-order/ Source: Anchore Title: 2025 Cybersecurity Executive Order Requires Up Leveled Software Supply Chain Security Feedly Summary: A few weeks ago, the Biden administration published a new Executive Order (EO) titled “Executive Order on Strengthening and Promoting Innovation in the Nation’s Cybersecurity”. This is a follow-up to the original cybersecurity executive order—EO 14028—from…

  • NCSC Feed: A method to assess ‘forgivable’ vs ‘unforgivable’ vulnerabilities

    by

    Kurt Seifried
    in

    Source URL: https://www.ncsc.gov.uk/report/a-method-to-assess-forgivable-vs-unforgivable-vulnerabilities Source: NCSC Feed Title: A method to assess ‘forgivable’ vs ‘unforgivable’ vulnerabilities Feedly Summary: Research from the NCSC designed to eradicate vulnerability classes and make the top-level mitigations easier to implement. AI Summary and Description: Yes Summary: This text addresses a pressing issue in software security, focusing on the categorization of vulnerabilities…

  • NCSC Feed: Eradicating trivial vulnerabilities, at scale

    by

    Kurt Seifried
    in

    Source URL: https://www.ncsc.gov.uk/blog-post/eradicating-trivial-vulnerabilities-at-scale Source: NCSC Feed Title: Eradicating trivial vulnerabilities, at scale Feedly Summary: A new NCSC research paper aims to reduce the presence of ‘unforgivable’ vulnerabilities. AI Summary and Description: Yes Summary: The NCSC’s 2024 Annual Review highlights the necessity of addressing foundational vulnerabilities in software to enhance global digital resilience. It emphasizes the…