A Review of the Best News of the Week on Cloud Security, DevOps, AppSec
EU to Run Bug Bounty Programs for 14 Free Software Projects (SecurityWeek, Jan 02 2019)
The European Union is offering a total of more than €850,000 – nearly $1 million – for vulnerabilities found in 14 widely used free and open source software projects.
Distinguishing Between Cloud Washed and Cloud Native (DevOps, Jan 02 2019)
Cloudwashed solutions are legacy, on-premises software held in a virtualized data center and rebranded as cloud software. Such tools originally were not built for the cloud and do not satisfy the NIST definition of true cloud computing. While non-local hosting can reduce maintenance and server costs, by adopting cloudwashed services you sacrifice the benefits of cloud native.
Fuzzing Like It’s 1989 (Trail of Bits Blog, Dec 31 2018)
In this blog post, we are going to find bugs in modern versions of Ubuntu Linux using the exact same tools as described in the original fuzzing papers.
Tell Your Friends
If you’re enjoying Mosaic’s independent news curation, forward it to a friend today. “Hey, instead of sifting through vendor marketing and duplicate news, I found this curated news feed from Mosaic Security Research. Check it out.”
Thanks! – Lucas Samaras
Transparent Data Encryption (TDE) with customer managed keys for Managed Instance (Microsoft Azure Blog, Dec 17 2018)
Microsoft announced the public preview of Transparent Data Encryption (TDE) with Bring Your Own Key (BYOK) support for Microsoft Azure SQL Database Managed Instance.
2019, The Year Ahead in Cloud Security (Infosec Island Latest Articles, Jan 02 2019)
Spend wisely and follow the smart money. There will be a trend to invest in cloud-based security to mitigate cloud security fears.
Cornerstone Capabilities of Cloud Access Security Brokers (Security, Jan 02 2019)
Cloud access security brokers (CASBs) can boast a number of features. In this blog, learn about the capabilities you need to protect corporate data.