Security Boulevard

CVEs lose relevance: Get proactive — and think beyond vulnerabilities

Application security (AppSec) would not have existed for the past 25 years without the Common Vulnerabilities and Exposures (CVEs), the numbering system used for identifying discovered vulnerabilities ...
COBIT

Case Study: Establishing a Strong Security Posture Without Sacrificing Developer Productivity

A few years ago, a large US healthcare insurance company got surprising results from an internal information security (InfoSec) audit. The new chief information security officer (CISO), who had ...
techzine

Red Hat: “Lack of code visibility is haunting companies”

If it is up to Burr Sutter of Red Hat, there are two significant software development challenges: establishing a robust software supply chain and enhancing the onboarding experience. Burr Sutter has ...
Bleeping Computer

Over 30% of Log4J apps use a vulnerable version of the library

Roughly 38% of applications using the Apache Log4j library are using a version vulnerable to security issues, including Log4Shell, a critical vulnerability identified as CVE-2021-44228 that carries ...
Tom's Guide

Framework Laptop 13 (2023) review: The Anti-MacBook gets an upgrade

MacBooks I just tested the MacBook Air M5 and it’s almost perfect — but there's one catch MacBooks I tested the Apple MacBook Neo and it's the best budget laptop ever MacBooks Apple March event LIVE — ...
InfoWorld

9 dark secrets of the federated web

The federated web, free of centralized control and walled gardens, is an ideal with deep roots in high-tech. So why is it so hard to bring this dream to life? Robert Frost once wrote that good fences ...
techcircle

Log4j vulnerability exploited 50 times more than ProxyLogon

The zero-day exploit found in the Java-based logging framework Log4j had nearly 50 times the activity volume compared to ProxyLogon, a Microsoft exchange server vulnerability, measured on peak 10-day ...