A Review of the Best News of the Week on Cloud Security, DevOps, AppSec

Pentagon Cancels Disputed JEDI Cloud Contract With Microsoft (SecurityWeek, Jul 06 2021)
The Pentagon said Tuesday it is canceling a cloud-computing contract with Microsoft that could eventually have been worth $10 billion and will instead pursue a deal with both Microsoft and Amazon.

It’s High Time for a Security Scoring System for Applications and Open Source Libraries (Dark Reading, Jul 06 2021)
A benchmarking system would help buyers choose more secure software products and, more importantly, light a fire underneath software producers to make products secure.

GitHub Unveils AI Tool to Speed Development, but Beware Insecure Code (Dark Reading, Jul 01 2021)
The company has created an AI system, dubbed Copilot, to offer code suggestions to developers, but warns that any code produced should be tested for defects and vulnerabilities.

Filter Out the Noise
Since I started this curated security news in June 2017, I’ve clipped ~19,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras

Share today’s post on Twitter Facebook LinkedIn

Pentagon kills Microsoft’s $10B JEDI cloud contract, says tech is now outdated (Ars Technica, Jul 06 2021)
Amazon’s legal stall tactics seem to have paid off.

Adapting InfoSec for Container Security (Container Journal, Jul 07 2021)
Containerization has effectively become the new normal for expediting app delivery and improvements; security concerns surrounding containers don’t seem to be holding back the tide. And rightly so, because the security of any technology really depends on how it’s used. Containers are not inherently insecure. What ultimately determines how vulnerable

8 Security Considerations for CI/CD (DevOps, Jul 07 2021)
In the software development enterprise, CI/CD refers to the combined practices of continuous integration and either continuous delivery or continuous deployment. CI/CD enables organizations to bridge the gap between development, operation activities and teams by the use of automation when building, testing and deploying applications.  How do you maintain quality and security with frequent deployments?

Enhancing cloud security with a two-step cryptography technique (Help Net Security, Jul 01 2021)
The central goal of cloud computing is to provide fast, easy-to-use computing and data storage services at a low cost. However, the cloud environment comes with data confidentiality risks attached. Cryptography is the primary tool used to enhance the security of cloud computing.

Why the security of the business depends on app security (SC Media, Jul 01 2021)
The success of Pokemon Go pushed the company to create a security culture that included DevSecOps. Today’s columnist, John Worrall of Zero North, offers insights on how companies can focus more on application security.

Single page web applications and how to keep them secure (Help Net Security, Jul 02 2021)
Application developers such as Airbnb, Pinterest and LinkedIn showcase a new approach to designing and building modern web applications. Using what is known as a single page app (SPA) framework, these apps represent the next generation of modern software design, offering a faster and cleaner user experience than traditional multi-page websites. What are single page apps?

Official Formula 1 App Hacked (Infosecurity Magazine, Jul 06 2021)
Racing fans receive strange messages over holiday weekend

How to monitor and track failed logins for your AWS Managed Microsoft AD (AWS Security Blog, Jul 02 2021)
AWS Directory Service for Microsoft Active Directory provides customers with the ability to review security logs on their AWS Managed Microsoft AD domain controllers by either using a domain management Amazon Elastic Compute Cloud (Amazon EC2) instance or by forwarding domain controller security event logs to Amazon CloudWatch Logs.