
Introducing NCM v3: AI-Enhanced Security & Performance for Node.js

At NodeSource, we live and breathe Node.js and are passionate about performance and security. We understand that for developers and platform teams, managing the security and compliance of dependencies is a mission-critical task. However, the tools designed to help can sometimes become part of the problem. Today, we’re proud to introduce NodeSource Certified Modules v3 (NCM v3): a complete rearchitecture of our module scanning and observability engine.

RBAC vs ABAC: API Security Implications

Securing APIs requires managing who can access resources and under what conditions. Two primary models stand out: Role-Based Access Control (RBAC) and Attribute-Based Access Control (ABAC). Here's the key takeaway: RBAC assigns permissions based on predefined roles, making it simple to manage in structured environments. ABAC evaluates multiple real-time attributes for dynamic, granular control, ideal for complex or evolving scenarios.

Bitrise maintains SOC 2 Type II compliance with latest successful assessment

At Bitrise, we continually invest in security best practices to ensure that our customers’ data stays safe and secure. As part of an ongoing effort, we are excited to announce that we’ve successfully completed our SOC 2 report. The examination was conducted by A-LIGN, a technology-enabled security and compliance firm trusted by more than 4,000 global organizations to help mitigate cybersecurity risks.

CVE Funding Disruption: How Security Teams Can Prepare

The longstanding Common Vulnerability and Exposure (CVE) database has vitally guided security teams for over 20 years, connecting cybersecurity experts, developers, vendors, and researchers in their shared ability to track unknown vulnerabilities in software. But in April of 2025, the MITRE CVE database program was in jeopardy. U.S. government funding for CVE, managed by MITRE and sponsored by CISA, was set to expire. Only in the 11th hour was funding secured, and the contract extended — for now.

API Security: Validating Auth and Access with Traffic Simulation Starts with Behavior

Security breaches rarely begin with a hidden zero-day exploit or a complex web of escalated hacks. They often start in very simple ways – an internal team member is breached, a permission is misconfigured, an overly permissive API endpoint is overlooked, or a JWT simply doesn’t expire. An API, or application programming interface, is a set of protocols and tools that enable different software systems to communicate and exchange data, making them essential in modern software development.

How to Get Security Patches for Legacy Unsupported Node.js Versions

Are you still running Node.js 12, 14, or even older versions in production? If so, you’re facing a serious challenge: these versions have reached End-of-Life (EOL) and no longer receive official updates or security patches. For many organizations, especially those operating on legacy environments like RHEL 7 or Ubuntu 18.04, upgrading to the latest Node.js version isn’t always feasible.

How South Africa's Joint Standard 2 Changes the Data Compliance Landscape

South Africa’s Joint Standard on Cybersecurity & Cyber Resilience (JS2) is reshaping the regulatory landscape. Financial institutions must now rethink how they manage sensitive data. For data compliance leaders, this marks a critical shift where failing to adapt could bring serious consequences. This blog will examine what JS2 means for your organization’s data compliance efforts. Then, discover how Perforce solutions can help you in building a resilient data compliance program.

200+ Data Privacy Statistics: Fines, Laws, and Consumer Behavior

The digital landscape is changing. More and more, consumers are realising the importance of data privacy. This shift in mindset is something businesses must attune to if they hope to build strong relationships with their customers. The phasing out of third-party cookies by Google at the end of 2024 and global regulations like GDPR and CCPA tightening data collection mean companies that embed privacy as a core part of their operations have the most to gain.

Monitoring MCP Security and Agent Behavior with Moesif

The Model Context Protocol (MCP) has pioneered a new interface layer between AI agents and tools. It has become easier to enable seamless access to external services, APIs, workflows, and data with natural language. MCP servers are now powering the decentralization of AI intelligence and orchestrating the interplay among modern AI systems. In doing so, they also introduce a more open, fluid, and automation-driven attack surface. However, traditional API security models weren’t built for this.

API Security Testing 101: Protecting Your Data From Vulnerabilities

Data is vital to everything we do in the modern world. When it comes to data, we cannot ignore APIs. They act as the internet’s functional backbone, helping in the smooth transfer of data between servers, apps, and devices. APIs must be protected from risks and vulnerabilities because they are used at every step. This is where security testing for APIs comes in.