A Review of the Best News of the Week on Cloud Security, DevOps, AppSec

76% of applications have at least one security flaw (Help Net Security, Oct 28 2020)
The majority of applications contain at least one security flaw and fixing those flaws typically takes months, a Veracode report reveals. This year’s analysis of 130,000 applications found that it takes about six months for teams to close half the security flaws they find.

Microsoft’s Kubernetes Threat Matrix: Here’s What’s Missing (Dark Reading, Oct 26 2020)
With a fuller picture of the Kubernetes threat matrix, security teams can begin to implement mitigation strategies to protect their cluster from threats.

What you can learn in our Q4 2020 Google Cloud Security Talks (Google Cloud Blog, Oct 27 2020)
“2020 has brought with it some tremendous innovations in the area of cloud security. As cloud deployments and technologies have become an even more central part of organizations’ security program, we hope you’ll join us for the latest installment of our Google Cloud Security Talks, a live online event on November 18th, where we’ll help you navigate the latest thinking in cloud security.”


Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~17,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras


Need for ‘Guardrails’ in Cloud-Native Applications Intensifies (Dark Reading, Oct 22 2020)
With more organizations shifting to cloud services in the pandemic, experts say the traditionally manual process of securing them will be replaced by automated tools in 2021 and beyond.

#InfosecurityOnline: Are the Cloud and Automation Driving or Hindering Your Business? (Infosecurity Magazine, Oct 22 2020)
Are the cloud and point solutions enabling or hindering your business, and where can automation fit in?

How to enhance Amazon CloudFront origin security with AWS WAF and AWS Secrets Manager (AWS Security Blog, Oct 22 2020)
Whether your web applications provide static or dynamic content, you can improve their performance, availability, and security by using Amazon CloudFront as your content delivery network (CDN).

Parisa Tabriz: ‘Security Princess’ killing Google bugs (SC Media, Oct 26 2020)
Parisa Tabriz is director of engineering at Google, overseeing Chrome and the Project Zero team of bug hunters.

Window Snyder: baking security into the app dev process (SC Media, Oct 26 2020)
Window Snyder and the security industry grew up together. When she decided to ditch her original plans to pursue a writing career – what she’s referred to as her teenage rebellion – in favor of a career in tech, there was no playbook for security.

5 Human Factors That Affect Secure Software Development (Dark Reading, Oct 27 2020)
With the move to remote work, it’s especially important to understand how to support, discourage, and monitor conditions for development teams.

Google Mending Another Crack in Widevine (Krebs on Security, Oct 26 2020)
For the second time in as many years, Google is working to fix a weakness in its Widevine digital rights management (DRM) technology used by online streaming sites like Disney, Hulu and Netflix to prevent their content from being pirated.

Developers’ Approach to App Testing Could Cut Flaw Fix Times by 80 Days (Dark Reading, Oct 27 2020)
An analysis of more than 130,000 active applications found more with at least one high-severity flaw compared with 2019.

New Research Reveals the Hidden Downsides of Link Previews (Wired, Oct 28 2020)
The feature is convenient, but it can also leak sensitive data, consume bandwidth, and drain batteries. And some sites are worse than others.