‘Oracle’s chief architect, Mark Reinhold, shared his thoughts about Java’s serialization mechanism, which he called a “horrible mistake” and a virtually endless source of security vulnerabilities. This is evident in that nearly half of the vulnerabilities that have been patched in the JDK in the last 2 years are related to serialization. Serialization security issues have also plagued almost every software vendor including Apache, Oracle, Pivotal, Cisco, McAfee, HP, Adobe, VMWare, Samsung, and others.’
Original source: Oracle plans to end Java serialization, but that’s not the end of the story
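The quoted article does not show code, so here is an added example (mine, not Oracle's or the article's) of why the mechanism is dangerous and what the JDK offers today to contain it. The root problem is that `ObjectInputStream.readObject()` instantiates whatever class the byte stream names, so any attacker who controls the bytes controls which classes on the classpath get constructed and have their `readObject` run. The JEP 290 deserialization filter (JDK 9+, also backported to 8u121+) lets the application allow-list the classes it expects and reject everything else before any object is created. The `Greeting` class, the filter pattern and the "unexpected" `HashMap` stream are all constructed for this demo.

```java
import java.io.*;

public class SerializationFilterDemo {
    // Harmless Serializable type standing in for the application's real payload (demo class).
    static final class Greeting implements Serializable {
        private static final long serialVersionUID = 1L;
        final String text;
        Greeting(String text) { this.text = text; }
    }

    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) {
            oos.writeObject(o);
        }
        return bos.toByteArray();
    }

    // Unfiltered read: the stream, not the application, decides which classes are instantiated.
    // This is the behaviour that gadget-chain exploits against the vendors listed above rely on.
    static Object readUnfiltered(byte[] data) throws IOException, ClassNotFoundException {
        try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(data))) {
            return ois.readObject();
        }
    }

    // Filtered read (JEP 290): allow only the classes we expect, cap stream complexity,
    // and reject every other class ("!*") before its constructor or readObject can run.
    static Object readFiltered(byte[] data) throws IOException, ClassNotFoundException {
        ObjectInputFilter filter = ObjectInputFilter.Config.createFilter(
                "java.lang.String;"
                + Greeting.class.getName() + ";"      // SerializationFilterDemo$Greeting
                + "maxdepth=5;maxrefs=50;maxbytes=4096;!*");
        try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(data))) {
            ois.setObjectInputFilter(filter);
            return ois.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        byte[] expected = serialize(new Greeting("hello"));
        System.out.println("filtered, expected class: " + ((Greeting) readFiltered(expected)).text);

        // Constructed stand-in for attacker-controlled bytes: a class the application never asked for.
        // HashMap is benign here; a real payload would name a class with a dangerous readObject.
        byte[] unexpected = serialize(new java.util.HashMap<String, String>());
        System.out.println("unfiltered, unexpected class: " + readUnfiltered(unexpected).getClass());
        try {
            readFiltered(unexpected);
        } catch (InvalidClassException e) {
            // Filter status REJECTED surfaces as InvalidClassException; no HashMap was constructed.
            System.out.println("filtered, unexpected class rejected: " + e.getMessage());
        }
    }
}
```

An allow-list filter only helps for types you explicitly name, so keep the list to the concrete classes the endpoint needs; a pattern like `java.util.*` would readmit many of the collection classes that historical gadget chains are built from. The same filter can be installed process-wide with the `jdk.serialFilter` system property rather than per stream.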
“Steve Singh took over as CEO a year ago and has presided over a growing number of customers – more than 500 enterprise customers to date – and associated revenue. On that note, the company announced it expects to grow bookings beyond $100m in 2018.”
Original source: DockerCon coverage from 451: security focus
“The acquisition will combine AlienVault’s expertise in threat intelligence with AT&T’s cybersecurity solutions portfolio that includes threat detection and prevention as well as response technologies and services. After the acquisition closes, AT&T business customers will be able to access our unified security management platform that helps make organizations more effective at threat detection and response, by giving them access to a broad set of enterprise-grade security capabilities.”
Original source: AT&T to Acquire AlienVault | AlienVault
“If you’re in the field of cybersecurity, a lot of what we’re preaching will sound extraordinarily basic to you. It is extraordinarily basic. We as a nation are not at a point where we have done the extraordinarily basic things.”
Original source: Security basics
“One of the biggest security upsides to developing on serverless architectures is that organizations don’t have to deal with the daunting task of having to constantly apply security patches for the underlying operating system. These tasks are now in the domain of the serverless architecture provider.”
The rest – the application code – still needs to be secure. Of course.
Original source: Serverless Architectures: A Paradigm Shift in …
“Merrill uses MongoDB technology to build horizontal applications on top of four key pillars: a secure repository, document collaboration, data and machine learning as well as analytics. Pivotal Cloud Foundry is used across all engineering stages – development, testing and production – with a focus on maximizing the microservices infrastructure that arranges the application into a suite of independently deployable, modular services. For security, identity and storage components Merrill DatasiteOne uses Microsoft Azure Key Vault, Azure Active Directory and Azure Storage.”
Original source: Merrill Corporation alongside Leading Technology Companies, Launch New Category for M&A Professionals
‘It turns out that our AI analysts often use the phrase “AI” to mean “top techniques from the field of Artificial Intelligence” which today means “deep neural networks” (DNNs, shorthanded to “deep learning” by some), natural language processing, image recognition, etc (the latter probably use DNNs anyway).’
Original source: “Do They Have AI?” or That Rant on AI in Security
“Worldwide spending on security-related hardware, software, and services is forecast to reach $91.4 billion in 2018, an increase of 10.2% over the amount spent in 2017.” Also, a breakdown of spending per industry and type of security product.
Original source: Worldwide Spending on Security Solutions Forecast to Reach $91 Billion in 2018, According to a New IDC Spending Guide
“A container registry is the repository for all your container images. Since your core business applications are packaged into containers (built out of container images), you must protect these images just as you would any other important enterprise IT system. That’s where the image registry comes into play.”
Original source: Using VMware’s Harbor with PKS (and Why Kubernetes Needs a Container Registry)
“With Aqua 3.0, users can create fine-grained user access control roles and policies. Access to kubectl commands can be specified to particular users, and governed by Aqua’s scalable labeling format. The Kubernetes controls also provides the ability to block unapproved images from running across entire cluster, as well as the ability to control network traffic based on Kubernetes namespaces, clusters or deployments.”
Plus, some policy-drift reporting, done with a sidecar.
Original source: Aqua Extends Container Security Platform to Kubernetes, Cloud Services