Home > News > featured news > Spectral has joined the Open Source Security Foundation to help Strengthen Open-Source Software Security

DATA SECURITY

Spectral has joined the Open Source Security Foundation to help Strengthen Open-Source Software Security

Spectral | April 27, 2021

Spectral, the developer first software safety organization, declared they have become supporters of the Open Source Security Foundation (OpenSSF). Spectral is currently an individual from OpenSSF's developing worldwide local area expecting to improve the security of open-source programming.

OpenSSF is cross-industry cooperation zeroed in on measurements, tooling, weakness divulgences, security tooling, best practices, and then some, to get the open-source environment and improve the security of open-source programming (OSS). OpenSSF unites pioneers from around the world to give a discussion to genuinely collective, cross-industry endeavors.

Spectral is a developer first software safety solution that finds and ensures against exorbitant security botches in code, setup, and other engineer resources. Otherworldly utilizes the main mixture examining motor, that consolidates AI and many indicators to discover and ensure against hurtful security blunders in code, solutions, and different ancient rarities.

In accordance with OpenSSF's main goal, Spectral as of late delivered Teller, an open-source instrument that assists developers with recovering and utilize touchy access subtleties. At the point when engineers need to get to mysteries, they frequently need to depend on utilizing homebrewed custom content or duplicating privileged insights from a vault to their neighborhood advancement climate. Teller is the principal open-source secret supervisor addressing the "last mile issue" by giving a developer cordial, normalized strategy for getting to and utilizing mysteries that protects touchy data.

"Spectral's main goal is to empower developers to assemble and dispatch programming at scale without stress. We feel that the OpenSSF activity is the ideal scene to examine and improve open source security and is a characteristic stage that engages engineers. The Spectral group is glad to take part in the functioning gatherings and offer their ability in security investigation and exploration of innovation stacks at scale, engineer insight (DX) and tooling, open-source codebases examination and patterns, developer social investigation, however a definitive objective of improving open source security and engineer bliss," said Dotan Nahum, CEO and prime supporter of Spectral.

About Spectral

Spectral is a lightning-quick, developer first software protection solution that goes about as a control plane over source code and other engineer resources. It finds and ensures against hurtful security blunders in code, designs, and different antiquities. Spectral utilizes the principal cross breed checking the motor, consolidating AI and many locators, guaranteeing engineers can code with certainty while shielding organizations from signific

Spotlight

How this Pharmaceuticals Company Consolidated Their Security Tools and Established Better Visibility into its Security Environment with Difenda

In 2018, a large manufacturing organization experienced a ransomware attack resulting in a material security breach. The incident highlighted the need for a comprehensive cybersecurity program with greater visibility. The challenge was to implement a solution that was easy to manage and cost-effective while ensuring their sensit

More featured news

Spotlight

How this Pharmaceuticals Company Consolidated Their Security Tools and Established Better Visibility into its Security Environment with Difenda

In 2018, a large manufacturing organization experienced a ransomware attack resulting in a material security breach. The incident highlighted the need for a comprehensive cybersecurity program with greater visibility. The challenge was to implement a solution that was easy to manage and cost-effective while ensuring their sensit

Related News

ENTERPRISE SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY

Veracode Introduces Intelligent Software Security With Launch of Veracode Fix

Businesswire | April 19, 2023

Veracode, a leading provider of intelligent software security solutions, today launches Veracode Fix, a new AI-powered product. Trained on Veracode’s proprietary dataset, Veracode Fix suggests remediations for security flaws found in code and open-source dependencies. Shifting the Paradigm from Merely ‘Find’ to ‘Find and Fix’ “For far too long, organizations have had to choose between remediating software security flaws and meeting aggressive deadlines to push code into production. Veracode Fix makes it possible to deliver more secure software faster, at lower cost, and with higher confidence,” said Brian Roche, Chief Product Officer at Veracode. “Through the power of AI and machine learning, leveraging GPT (Generative Pre-trained Transformer) technology, we’ve revolutionized the way developers and security teams address software security issues. Nearly two decades ago, Veracode pioneered a new industry standard as a cloud-based SaaS security platform. Today, we set a new bar, moving beyond application security testing to intelligent software security.” Since its inception in 2006, Veracode has been committed to helping organizations find, understand, and remediate software security risk. The release of Veracode Fix brings software security to the next level by changing the scope of application security from merely ‘find’ to ‘find and fix.’ Automated Attacks Require Automated Response Traditionally, when a flaw is found, developers research and rewrite code to manually fix the security issue. This requires enormous effort when compounded across thousands of security flaws in a codebase. This approach typically delays releases into production and increases security debt. “Fixing security flaws has traditionally been a manual effort—until now,” said Roche. “With the increase in automated attacks, it’s no longer tenable to continue to remediate flaws entirely manually. Veracode Fix paves the way to a scalable mechanism to remove vulnerabilities before attackers can exploit them.” Veracode Fix will be generally available with initial support for Java and C# in June 2023. To learn more about Veracode Fix, read more here. About Veracode Veracode is intelligent software security. Powered by nearly two decades of data, securing more than 130 trillion lines of code, with the Veracode Software Security Platform, development teams continuously find and fix flaws at every stage of the modern software development life cycle. Trusted by security teams, developers, and business leaders from thousands of the world’s most innovative organizations, Veracode is the software security pioneer for integrated prevention, detection, and response. Learn more at www.veracode.com, on the Veracode blog, and on LinkedIn and Twitter. Copyright © 2023 Veracode, Inc. All rights reserved. Veracode is a registered trademark of Veracode, Inc. in the United States and may be registered in certain other jurisdictions. All other product names, brands or logos belong to their respective holders. All other trademarks cited herein are property of their respective owners.

Read More

ENTERPRISE SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY

Forum Systems Releases Next Generation of API Gateway

Prnewswire | April 17, 2023

Forum Systems Inc., a leader in API gateway technology, releases the next generation of its flagship product, Forum Sentry, Version 9.1. The company continues to redefine excellence in API integration, security, and identity management. "CIOs are often scrambling to manage the growing complexity of their business systems. A simple API integration service might be deployed. But then the traffic comes. These platforms can only scale by adding more vCores, which is unsustainable," warns Mamoon Yunus, CEO of Forum Systems. He continued, "integration is as much a part of our product now as security and identity. We're proud of how Sentry's low-code/no-code environment is saving our clients millions in computing costs by optimizing performance." To continue to serve its users well, Sentry v9.1 comes with several new features—each designed to be resource-efficient and performant. Sentry now supports: PostgreSQL, Cobol Copybooks, OpenAPI v3.0, JSON Web Tokens, direct JSON mapping, as well as running custom scripts. Caching in Sentry is now faster and more flexible. It can leverage Redis as a fast in-memory cache that is safer for runtime. And users have finer control over Sentry's caching behavior through Read and Store: Sentry can apply a task list before a cached response is returned, which allows, for example, distinct responses based on client-specific attributes. A typical organization manages hundreds of APIs—each with its own size, latency, and invocation schedule. Normally a human would set thresholds to monitor performance, but this becomes intractable as the number of APIs grows. A few rules cannot handle the complexity and the false positives drown out real anomalies. Sentry now leverages machine learning to automate performance monitoring: it captures baseline API characteristics and alerts on deviations from what is expected, which enables real-time proactive business monitoring. Forum Systems encourages all organizations to assess their current API strategy and identify pain points. For further information on Sentry v9.1, check out the release notes or schedule a product demo. About Forum Systems Forum Systems is a leader in intelligent API gateway technology, deep data analytics, and cloud technologies. Forum technology, used by some of the largest global companies for building intelligent business workflows, is certified and secure. Along with industry-leading performance, interoperability, and security, Forum Systems takes pride in its customer-driven innovation and simplified user experience.

Read More

DATA SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY

Noname Security Expands API Security Platform To Help Organisations Increase Cyber Resilience

Prnewswire | March 30, 2023

Noname Security, the leading provider of complete API security solutions, today announced major enhancements to its market-leading API security platform to help organisations protect their API ecosystem, secure their applications, and increase cyber resilience. With the fastest, most flexible, and most comprehensive solution on the market, Noname Security continues to define API security. Noname Enables Secure Growth with API Security Innovation Today, APIs drive business, delivering value to customers, clients, patients, users, shareholders, and more. However, securing APIs – and all of the critical assets they connect – has become more difficult than ever as APIs attacks have increased exponentially. IBM Security X-Force reported that two-thirds of its analysed incidents were due to unsecure APIs. "APIs are the connective tissue for the digital world, but the explosion in API use has created new and rapidly growing threats to organisations across the globe. We created the Noname API Security Platform to uniquely address the modern API ecosystem, with discovery, insight, protection, and testing capabilities," said Shay Levi, Co-Founder and CTO at Noname Security. "Doing so means not only securing APIs and their use, but also improving the speed at which our customers can expand their business." The Noname API Security Platform Continues to Define API Security Noname's latest major release delivers new capabilities across the entire platform – covering discovery, posture management, runtime protection, pre-production testing, and deployment – to help customers: Discover More & Strengthen Security Posture Noname Security's Discovery and Posture Management solutions locate and provide insight to every API in an organisation's ecosystem, uncovering vulnerabilities (including the most recent OWASP API Top Ten), protecting sensitive data, and proactively monitoring for changes, including in OpenAPI and other specifications. New capabilities enable customers to: Gain complete visibility and detailed insights to protect APIs with customisable discovery, flexible tagging, and datatype assignments – including PII, PCI, PHI, and custom categories – for grouping APIs by application, business unit, and more. Understand APIs in rich context with visualisations of business logic, physical network infrastructure, and API traffic to understand specific interactions and behaviour patterns. Secure containerised applications with enhanced discovery and detection for Kubernetes (k8s). Prioritise resources and eliminate blind spots with extensive infrastructure inventories for AWS and Azure, enabling organisations to find unprotected APIs, map the connections between APIs and infrastructure resources, pinpoint resources that could increase the attack surface, and resolve potential issues with full context. Stop Attacks with Runtime Protection Noname Security Runtime Protection detects and blocks API attacks with real-time traffic analysis, out-of-band monitoring, inline remediation options, and workflow integrations to increase SOC effectiveness. New capabilities enable customers to: Identify business-logic-based attacks immediately with updates to the industry's most advanced anomaly detection engine using artificial intelligence & machine learning (AI/ML), including unsupervised online learning. Reduce Mean-Time-To-Resolution (MTTR) with more context on issue records, including detailed remediation guidance and tools for deeper investigation. Fully align with security operations center (SOC) processes with automation, custom workflows, and integrations with existing systems such as ITSM, SIEM, SOAR, and more. Deliver Secure APIs Faster with Active Testing Noname Security Active Testing is a purpose-built API security testing solution that helps organisations easily add security into the CI/CD pipeline without sacrificing speed. The newest version of Active Testing enables customers to: Shift left with integrations into the entire software development lifecycle (SDLC). Teams get dynamic API visibility across multiple states and environments throughout the CI/CD process. Leave no API untested with a unique ability to find and test every API based on an understanding of the application's business logic. Empower developers with best-in-class usability such as simple setup & automation, in-line test results, and contextual guidance for request failure mitigation. Continuously Adapt to Changing Environments Noname Security offers the most flexible and comprehensive set of deployment and integration options available. New capabilities enable customers to: Rapidly realise value with simplified step-by-step onboarding and in-app guidance. Meet any deployment requirement with both agentless and agent-based options, including eBPF, and both out-of-band and inline protection options. Easily manage complex deployments with automatic updates across cloud-hosted, self-hosted, hybrid, and distributed deployments. Maintain data residency and reduce overhead with remote engines to aggregate traffic into a centralised console, allowing you to keep data within your control and reducing traffic. Meet strict public-sector compliance requirements with a new hardened virtual appliance. See the entire attack surface with additional integrations and improvements to Akamai, AWS ECS, Cloudflare, Oracle Cloud Infrastructure, Citrix, and other connectors. Staying Ahead of Attackers Built by the largest team of API security researchers and developers in the industry, the Noname API Security Platform helps organisations proactively find vulnerabilities, stop attacks, reduce the risk of costly incidents, and ensure business continuity. "Improving security posture and shifting from reactive to proactive does more than reduce risk. It allows the entire enterprise to change its position in the market from follower to leader," said Oz Golan, CEO and Co-Founder of Noname Security. About Noname Security Noname Security is the only company taking a complete, proactive approach to API Security. Noname works with 20% of the Fortune 500 and covers the entire API security scope — Discovery, Posture Management, Runtime Protection, and API Security Testing. Noname Security is privately held, remote-first with headquarters in Silicon Valley, California, and offices in Tel Aviv and Amsterdam.

Read More

ENTERPRISE SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY

Veracode Introduces Intelligent Software Security With Launch of Veracode Fix

Businesswire | April 19, 2023

Veracode, a leading provider of intelligent software security solutions, today launches Veracode Fix, a new AI-powered product. Trained on Veracode’s proprietary dataset, Veracode Fix suggests remediations for security flaws found in code and open-source dependencies. Shifting the Paradigm from Merely ‘Find’ to ‘Find and Fix’ “For far too long, organizations have had to choose between remediating software security flaws and meeting aggressive deadlines to push code into production. Veracode Fix makes it possible to deliver more secure software faster, at lower cost, and with higher confidence,” said Brian Roche, Chief Product Officer at Veracode. “Through the power of AI and machine learning, leveraging GPT (Generative Pre-trained Transformer) technology, we’ve revolutionized the way developers and security teams address software security issues. Nearly two decades ago, Veracode pioneered a new industry standard as a cloud-based SaaS security platform. Today, we set a new bar, moving beyond application security testing to intelligent software security.” Since its inception in 2006, Veracode has been committed to helping organizations find, understand, and remediate software security risk. The release of Veracode Fix brings software security to the next level by changing the scope of application security from merely ‘find’ to ‘find and fix.’ Automated Attacks Require Automated Response Traditionally, when a flaw is found, developers research and rewrite code to manually fix the security issue. This requires enormous effort when compounded across thousands of security flaws in a codebase. This approach typically delays releases into production and increases security debt. “Fixing security flaws has traditionally been a manual effort—until now,” said Roche. “With the increase in automated attacks, it’s no longer tenable to continue to remediate flaws entirely manually. Veracode Fix paves the way to a scalable mechanism to remove vulnerabilities before attackers can exploit them.” Veracode Fix will be generally available with initial support for Java and C# in June 2023. To learn more about Veracode Fix, read more here. About Veracode Veracode is intelligent software security. Powered by nearly two decades of data, securing more than 130 trillion lines of code, with the Veracode Software Security Platform, development teams continuously find and fix flaws at every stage of the modern software development life cycle. Trusted by security teams, developers, and business leaders from thousands of the world’s most innovative organizations, Veracode is the software security pioneer for integrated prevention, detection, and response. Learn more at www.veracode.com, on the Veracode blog, and on LinkedIn and Twitter. Copyright © 2023 Veracode, Inc. All rights reserved. Veracode is a registered trademark of Veracode, Inc. in the United States and may be registered in certain other jurisdictions. All other product names, brands or logos belong to their respective holders. All other trademarks cited herein are property of their respective owners.

Read More

ENTERPRISE SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY

Forum Systems Releases Next Generation of API Gateway

Prnewswire | April 17, 2023

Forum Systems Inc., a leader in API gateway technology, releases the next generation of its flagship product, Forum Sentry, Version 9.1. The company continues to redefine excellence in API integration, security, and identity management. "CIOs are often scrambling to manage the growing complexity of their business systems. A simple API integration service might be deployed. But then the traffic comes. These platforms can only scale by adding more vCores, which is unsustainable," warns Mamoon Yunus, CEO of Forum Systems. He continued, "integration is as much a part of our product now as security and identity. We're proud of how Sentry's low-code/no-code environment is saving our clients millions in computing costs by optimizing performance." To continue to serve its users well, Sentry v9.1 comes with several new features—each designed to be resource-efficient and performant. Sentry now supports: PostgreSQL, Cobol Copybooks, OpenAPI v3.0, JSON Web Tokens, direct JSON mapping, as well as running custom scripts. Caching in Sentry is now faster and more flexible. It can leverage Redis as a fast in-memory cache that is safer for runtime. And users have finer control over Sentry's caching behavior through Read and Store: Sentry can apply a task list before a cached response is returned, which allows, for example, distinct responses based on client-specific attributes. A typical organization manages hundreds of APIs—each with its own size, latency, and invocation schedule. Normally a human would set thresholds to monitor performance, but this becomes intractable as the number of APIs grows. A few rules cannot handle the complexity and the false positives drown out real anomalies. Sentry now leverages machine learning to automate performance monitoring: it captures baseline API characteristics and alerts on deviations from what is expected, which enables real-time proactive business monitoring. Forum Systems encourages all organizations to assess their current API strategy and identify pain points. For further information on Sentry v9.1, check out the release notes or schedule a product demo. About Forum Systems Forum Systems is a leader in intelligent API gateway technology, deep data analytics, and cloud technologies. Forum technology, used by some of the largest global companies for building intelligent business workflows, is certified and secure. Along with industry-leading performance, interoperability, and security, Forum Systems takes pride in its customer-driven innovation and simplified user experience.

Read More

DATA SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY

Noname Security Expands API Security Platform To Help Organisations Increase Cyber Resilience

Prnewswire | March 30, 2023

Noname Security, the leading provider of complete API security solutions, today announced major enhancements to its market-leading API security platform to help organisations protect their API ecosystem, secure their applications, and increase cyber resilience. With the fastest, most flexible, and most comprehensive solution on the market, Noname Security continues to define API security. Noname Enables Secure Growth with API Security Innovation Today, APIs drive business, delivering value to customers, clients, patients, users, shareholders, and more. However, securing APIs – and all of the critical assets they connect – has become more difficult than ever as APIs attacks have increased exponentially. IBM Security X-Force reported that two-thirds of its analysed incidents were due to unsecure APIs. "APIs are the connective tissue for the digital world, but the explosion in API use has created new and rapidly growing threats to organisations across the globe. We created the Noname API Security Platform to uniquely address the modern API ecosystem, with discovery, insight, protection, and testing capabilities," said Shay Levi, Co-Founder and CTO at Noname Security. "Doing so means not only securing APIs and their use, but also improving the speed at which our customers can expand their business." The Noname API Security Platform Continues to Define API Security Noname's latest major release delivers new capabilities across the entire platform – covering discovery, posture management, runtime protection, pre-production testing, and deployment – to help customers: Discover More & Strengthen Security Posture Noname Security's Discovery and Posture Management solutions locate and provide insight to every API in an organisation's ecosystem, uncovering vulnerabilities (including the most recent OWASP API Top Ten), protecting sensitive data, and proactively monitoring for changes, including in OpenAPI and other specifications. New capabilities enable customers to: Gain complete visibility and detailed insights to protect APIs with customisable discovery, flexible tagging, and datatype assignments – including PII, PCI, PHI, and custom categories – for grouping APIs by application, business unit, and more. Understand APIs in rich context with visualisations of business logic, physical network infrastructure, and API traffic to understand specific interactions and behaviour patterns. Secure containerised applications with enhanced discovery and detection for Kubernetes (k8s). Prioritise resources and eliminate blind spots with extensive infrastructure inventories for AWS and Azure, enabling organisations to find unprotected APIs, map the connections between APIs and infrastructure resources, pinpoint resources that could increase the attack surface, and resolve potential issues with full context. Stop Attacks with Runtime Protection Noname Security Runtime Protection detects and blocks API attacks with real-time traffic analysis, out-of-band monitoring, inline remediation options, and workflow integrations to increase SOC effectiveness. New capabilities enable customers to: Identify business-logic-based attacks immediately with updates to the industry's most advanced anomaly detection engine using artificial intelligence & machine learning (AI/ML), including unsupervised online learning. Reduce Mean-Time-To-Resolution (MTTR) with more context on issue records, including detailed remediation guidance and tools for deeper investigation. Fully align with security operations center (SOC) processes with automation, custom workflows, and integrations with existing systems such as ITSM, SIEM, SOAR, and more. Deliver Secure APIs Faster with Active Testing Noname Security Active Testing is a purpose-built API security testing solution that helps organisations easily add security into the CI/CD pipeline without sacrificing speed. The newest version of Active Testing enables customers to: Shift left with integrations into the entire software development lifecycle (SDLC). Teams get dynamic API visibility across multiple states and environments throughout the CI/CD process. Leave no API untested with a unique ability to find and test every API based on an understanding of the application's business logic. Empower developers with best-in-class usability such as simple setup & automation, in-line test results, and contextual guidance for request failure mitigation. Continuously Adapt to Changing Environments Noname Security offers the most flexible and comprehensive set of deployment and integration options available. New capabilities enable customers to: Rapidly realise value with simplified step-by-step onboarding and in-app guidance. Meet any deployment requirement with both agentless and agent-based options, including eBPF, and both out-of-band and inline protection options. Easily manage complex deployments with automatic updates across cloud-hosted, self-hosted, hybrid, and distributed deployments. Maintain data residency and reduce overhead with remote engines to aggregate traffic into a centralised console, allowing you to keep data within your control and reducing traffic. Meet strict public-sector compliance requirements with a new hardened virtual appliance. See the entire attack surface with additional integrations and improvements to Akamai, AWS ECS, Cloudflare, Oracle Cloud Infrastructure, Citrix, and other connectors. Staying Ahead of Attackers Built by the largest team of API security researchers and developers in the industry, the Noname API Security Platform helps organisations proactively find vulnerabilities, stop attacks, reduce the risk of costly incidents, and ensure business continuity. "Improving security posture and shifting from reactive to proactive does more than reduce risk. It allows the entire enterprise to change its position in the market from follower to leader," said Oz Golan, CEO and Co-Founder of Noname Security. About Noname Security Noname Security is the only company taking a complete, proactive approach to API Security. Noname works with 20% of the Fortune 500 and covers the entire API security scope — Discovery, Posture Management, Runtime Protection, and API Security Testing. Noname Security is privately held, remote-first with headquarters in Silicon Valley, California, and offices in Tel Aviv and Amsterdam.

Read More

More featured news