- GitLab’s 2024 bug bounty year in review
  It’s that time again when everyone reflects on the year that just passed, and the Application Security team at GitLab is no different. We run the bug bounty program at GitLab, and every year we summarize our stats for those who are curious. We wouldn’t be where we are without the collaboration of our bug…
- Ultimate guide to CI/CD: Fundamentals to advanced implementation
  Continuous integration/continuous delivery (CI/CD) has revolutionized how software teams create value for their users. Gone are the days of manual deployments and integration headaches — modern development demands automation, reliability, and speed. At its core, CI/CD is about creating a seamless pipeline that takes code from a developer’s environment all the way to production and…
- Best Courses for Java Developers
  Tired of the same predictable and monotonous Java tutorials? So was I. I used to think all Java courses were the same. Endless tutorials where someone talks about getters and setters in a monotonous, robotic voice while you put all of your effort into just trying to stay awake. After months of intensive research and…
- The “last mile” from credentials to employment
  Academic digital credentials — the cryptographically verifiable assertion that an individual holds a degree, certificate, or other credential — have been available for the better part of a decade. Yet despite the potential value of these data-rich, transportable credentials to graduates, employers, and academic institutions, digital credentials have by no means become the standard in…
- Celebrating Dedication and Innovation: Highlights from SAFECode Day 2024
  Over 50 SAFECode members and industry leaders came together for a dynamic SAFECode Day 2024! The event featured exciting project updates, lively discussions, and an inspiring keynote from Anne Neuberger, Deputy Assistant to the President, who emphasized the crucial role of cybersecurity in today’s digital landscape. It was great to hear our members share their…
- The PQC Algorithm FIPS are Published – Now What?
  By Brian Rosenberg, RTX Corporation and Judith Furlong, Dell Technologies with Matthew Lyon, Dell Technologies; Steve Lipner, SAFECode. Introduction: We made it – this far! The U.S. National Institute of Standards and Technology (NIST) recently published the Federal Information Processing Standards (FIPS) for three post-quantum cryptography (PQC) algorithms, marking the end of the beginning of…
- New SAFECode Member Council to Ensure Greater Industry Collaboration on Software Security
  Oracle’s John Heimann and Siemens Energy’s Manuel Ifland Elected to Lead the Member Council. WAKEFIELD, Mass. – March 6, 2024 – SAFECode has announced a new Member Council to direct its industry-led efforts to advance software security practices. Chaired by John Heimann, Vice President of Security Program Management at Oracle, and Vice Chaired by Manuel…
- Secure by Design? The U.S. Government and Requirements for Secure Development
  The last two months have seen the release of three new U.S. Government documents related to software security: The National Cybersecurity Strategy released in early March covers the landscape of cybersecurity concerns and introduces the concept of shifting the liability for insecure software products and services from consumers to suppliers. In mid-April, The Cybersecurity and…
- Thoughts on Executive Order 14028: Attestation and Software Security
  For the last few weeks, SAFECode has been discussing a number of government initiatives related to software security assurance. This is the first of several blogs that we will be publishing to share our perspective and recommendations for approaches that will help governments and other organizations gain confidence in the software that they acquire and…
- Navigate the Executive Order 14028 Era of Software Security
  May 12, 2021 was a pivotal moment in cybersecurity history. The White House published Executive Order 14028 (EO 14028), a landmark document with an aggressive stance designed to advance the cybersecurity conversation. While the document focuses on US federal government agencies and the companies that supply them, it’s a useful reference for those around the…