A Review of the Best News of the Week on Cloud Security, DevOps, AppSec

Chrome starts marking all HTTP sites as “Not secure” (Help Net Security, Jul 24 2018)
If you’re using Google Chrome and you suddenly start seeing sites you usually visit labeled as “Not secure”, it’s because Google wants to push site owners to use HTTPS, i.e., encrypt the traffic passing from their visitors to their servers and vice versa.

Trend Micro Launches Targeted Server-Side Bug Bounty Program (Dark Reading, Jul 24 2018)
Targeted Incentive Program will pay anywhere from $25,000 to $200,000 to researchers who are first to demonstrate exploitable vulnerabilities.

Effective DevSecOps (DZone, Jul 19 2018)
Security cannot be isolated in one team; let’s talk about how to make security everyone’s responsibility by implementing a DevSecOps strategy.




Amazon Web Services Tests Out Two Tools to Help Keep the Cloud Secure (Wired, Jul 18 2018)
Amid frequent customer data exposures, Amazon Web Services is pushing to spot errors and promote access control.

OpenWhisk at Risk: Critical Bug Leaves IBM Cloud Exposed (Dark Reading, Jul 24 2018)
IBM and Apache have issued patches for a vulnerability that let attackers overwrite any company’s serverless code with malicious content.

Barracuda’s CloudGen WAF Lands on Google Compute Platform (eWEEK, Jul 19 2018)
Barracuda now supports all three major public cloud providers with its CloudGen Web Application Firewall technology and enables multicloud management capabilities.

CloudBees launches Kubernetes application on Google Cloud Platform Marketplace (Help Net Security, Jul 24 2018)
CloudBees announced it is introducing a commercial Kubernetes-native application available immediately in the Google Cloud Platform (GCP) Marketplace. The new offering will provide users with end-to-end coverage of all software delivery pipelines.

Why No HTTPS? Here’s the World’s Largest Websites Not Redirecting Insecure Requests to HTTPS (Troy Hunt’s Blog, Jul 24 2018)
“Who are these people?! After all the advanced warnings combined with all we know to be bad about serving even static sites over HTTP, what sort of sites are left that are neglecting such a fundamental security and privacy basic?”

Sabre selects Red Hat OpenShift Container Platform to support its Next Generation Platform (Help Net Security, Jul 25 2018)
Sabre Global Distribution System, owned by Sabre Holdings, is used by travel agents around the world with more than 400 airlines, 220,000 hotels, 42 car rental brands, 38 rail providers and 17 cruise lines.

Extended Validation SSL Certificates for Online Business Are Worth the Time and Money (SC Magazine, Jul 19 2018)
“Even though the expense and effort needed for EV are trivial compared to other parts of the security stack, many businesses will go for the cheapest and easiest solution unless presented with a compelling reason to do otherwise,” says the CEO of a company that sells EV SSL certs.

New Report Shows Pen Testers Usually Win (Dark Reading, Jul 24 2018)
Pen testers are successful most of the time, and it’s not all about stolen credentials, according to a new report based on hundreds of tests.