SEARCH
Archive
Give IT a Break from Software Updates
Microsoft said it will pause non-security Windows updates beginning in May as part of its plan to reduce the update pressure on IT and security teams, as they are busy keeping organizations operational during the COVID-19 pandemic. Other software companies are adjusting their release schedules, recognizing that IT and security teams are currently stretched thin.
GitHub’s npm Acquisition Will Boost JavaScript Security
The security of the JavaScript software ecosystem will get a significant boost with GitHub acquiring npm, which hosts and maintains the Node package manager and the package registry. GitHub has the resources to invest in robust and stable infrastructure, thorough vetting of software packages, and integration into GitHub's other services.
Older Bugs in Software Add to Security Debt
In the rush to fix newer vulnerabilities, the older ones are left unaddressed. The resulting security debt increases the organization's risk of a breach, Veracode warned.
GitHub Brings Automated Fixes With Dependabot
GitHub rolled out several new features designed to help developers write secure code at its recent GitHub Satellite conference last week in Berlin.
Applications Using Apache .htaccess at Risk for Attacks
The original vulnerability may be in a jQuery plugin, but the disconnect in how web developers use .htaccess with the Apache web server and how the server is actually configured means there are potentially more applications out there that are vulnerable to attack.