
Vulnerability

Subdomain takeover: ignore this vulnerability at your peril

The Domain Name System (DNS) is often described as the address book of the Internet. A and AAAA records map a human-friendly hostname like honeybadger.io to some machine-friendly IP address like 104.198.14.52. Other types of DNS records also exist; in particular, CNAME records are records that map a hostname to some other hostname, thereby delegating IP resolution to the latter.

OWASP AI Security Project: Top 10 LLM Vulnerabilities Guide

Artificial intelligence (AI) is kind of a big deal. And when things are a big deal, they're ripe to be exploited. Fortunately, mounting concerns about AI security and privacy are met by plenty of guidance on best practices from the good folks in the open source world. The OWASP AI Security Project has emerged as a crucial initiative, offering developers clear, actionable guidance on designing, creating, testing, and procuring secure and privacy-preserving AI systems.

OWASP API Security Top 10: Mitigating Risks with Kong

The Open Web Application Security Project (OWASP for short) is a not-for-profit entity devoted to improving the security of software. Founded in 2001, OWASP is a global organization that supports thousands of volunteers globally to produce freely-available articles, documentation, tutorials, and tooling. OWASP is best known for its "Top 10" lists, which represent a broad consensus about the most critical security risks to web applications.

Vulnerability Scanning & 3rd-Party Modules Certification in N|Solid [8/10] The best APM for Node, layer by layer.

NCM (NodeSource Certified Modules) is the secure, reliable way to take advantage of the massive ecosystem of Node.js packages. Certified modules are compatible with Node LTS and monitored continuously to identify risk over time. Certification guarantees no security vulnerabilities or unverified code in modules or dependencies and is easy to set up and manage. No workflow changes are required.

Supplement API Security Testing with Functional API Testing and Integration Testing

The OWASP API Security Top 10 identifies the top API vulnerabilities that pose the greatest risk to mobile, web and SaaS applications as well as internal, partner and external API programs, highlighting which vulnerabilities must be detected and mitigated promptly. Gartner predicts that APIs that expose private information such as Personally Identifiable Information (PII) will be the most common attack vector in 2022.

What Is Log4Shell? The Log4j Vulnerability Explained

A new vulnerability that impacts devices and applications that use Java has been identified in Log4j, the open-source Apache logging library. Known as Log4Shell, the flaw is the most significant security vulnerability currently on the internet, with a severity score of 10-out-of-10. Fortunately, Perforce static analysis and SAST tools — Helix QAC and Klocwork — can help.

Log4J, Log4Shell and Kong

If you’ve been online at all this week, chances are that you’ve heard about the Log4Shell zero-day (CVE-2021-44228) in Log4J, a popular Java logging library. The vulnerability enables Remote Code Execution (RCE), which allows attackers to run arbitrary code on the target’s machines. I know the first question that you all have is: “Is Kong affected by Log4Shell?” Let’s start with the good news: No Kong products are affected by this Log4J vulnerability.

Rollbar Log4J CVE-2021-44228 ("Log4Shell") Community Update

Your data is safe with Rollbar. A zero day in the Java ecosystem was discovered that could exploit Apache’s Log4J library. The vulnerability can, potentially, impact users of Rollbar’s Java SDK if they selected Log4J for their project. We recommend that all projects that are dependent on Log4J upgrade their dependencies so they require a version at/after 2.16.0.

IP Security Vulnerability Detection

The severity and ingenuity of cyberattacks continue to increase as malicious actors become more proficient, breaking through the software layers and aiming to also compromise hardware such as integrated circuits. Relative to software, it is much more difficult to patch security vulnerabilities in ICs, which makes early identification of IP security weaknesses increasingly important.