Archive for the ‘Free Software’ Category

The state of application security: What the statistics tell us – CSO Online

The emergence of the DevOps culture over the past several years has fundamentally changed software development, allowing companies to push code faster and to automatically scale the infrastructure needed to support new features and innovations. The increased push toward DevSecOps, which bakes security into the development and operations pipelines, is now changing the state of application security, but gaps still remain according to data from new industry reports.

A new report by the Enterprise Strategy Group (ESG), which surveyed 378 application developers and application security professionals in North America, found that many organizations continue to push code with known vulnerabilities into production despite viewing their own application security programs as solid.

Releasing vulnerable code is never good but doing so knowingly is better than doing it without knowing, since the decision usually involves some risk assessment, a plan to fix, and maybe temporary mitigations. Half of respondents said their organizations do this regularly and a third said they do it occasionally. The most often cited reasons were meeting a critical deadline, the vulnerabilities being low risk or the issues being discovered too late in the release cycle (45%).

The findings highlight why integrating security testing as early in the development process as possible is important, but also that releasing vulnerable code is not necessarily a sign of not having a good security program because this can happen for different reasons and no single type of security testing will catch all bugs. However, the report also found that many organizations are still in the process of expanding their application security programs, with only a third saying their programs cover more than three quarters of their codebase and a third saying their programs cover less than half.

Who takes responsibility for the decision of pushing vulnerable code into production can vary from organization to organization, the survey found. In 28% of organizations the decision is taken by the development manager together with a security analyst, in 24% by the development manager alone and in 21% by a security analyst.

This could actually be a sign of application security programs maturing, because DevSecOps is about moving security testing as early as possible in the development pipeline, whereas in the past security testing fell solely in the sphere of security teams who used to perform it after the product was complete.

In organizations where the development team does the security testing as a result of integrations into their processes and also consumes the results, it's normal for the development manager to make decisions regarding which vulnerabilities are acceptable, either in collaboration with the security team or even inside their own organization if they have a security champion -- a developer with application security knowledge and training -- on their team. Such decisions, however, should still be taken based on policies put in place by the CISO organization, which is ultimately responsible for managing the entire company's information security risk and can, for example, decide which applications are more exposed to attacks or contain more sensitive information that hackers could target. Those applications might have stricter rules in place when it comes to patching.

If the risk is not evaluated correctly, shipping code with known vulnerabilities can have serious consequences. Sixty percent of respondents admitted that their production applications were exploited through vulnerabilities listed in the OWASP Top-10 over the past 12 months. The OWASP Top-10 contains the most critical security risks to web applications and includes problems like SQL injection, broken authentication, sensitive data exposure, broken access controls, security misconfigurations, the use of third-party components with known vulnerabilities and more. These are issues that should not generally be allowed to exist in production code.

According to ESG's report, companies use a variety of application security testing tools: API security vulnerability (ASV) scanning (56%), infrastructure-as-code security tools to protect against misconfigurations (40%), static application security testing (SAST) tools (40%), software composition analysis (SCA) testing tools (38%), interactive application security testing (IAST) tools (38%), dynamic application security testing (DAST) tools (36%), plugins for integrated development environments (IDEs) that assist with security issue identification and resolution (29%), scanning tools for images used in containers, repositories and microservices (29%), fuzzing tools (16%) and container runtime configuration security tools (15%).

However, among the top challenges in using these tools, respondents listed developers lacking the knowledge to mitigate the identified issues (29%), developers not using tools the company invested in effectively (24%), security testing tools adding friction and slowing down development cycles (26%) and lack of integration between application security tools from different vendors (26%).

While almost 80% of organizations report that their security analysts are directly engaged with their developers by working directly to review features and code, by working with developers to do threat modelling or by participating in daily development scrum meetings, developers themselves don't seem to get a lot of security training. This is why in only 19% of organizations the application security testing task is formally owned by individual developers and in 26% by development managers. A third of organizations still have this task assigned to dedicated security analysts and in another 29% it's jointly owned by the development and security teams.

In a third of organizations less than half of developers are required to take formal security training, and in only 15% is such training required for all developers. Less than half of organizations require developers to engage in formal security training more than once a year, with 16% expecting developers to self-educate and 20% only offering training when a developer joins the team.

Furthermore, even when training is provided or required, the effectiveness of such training is not properly tracked in most organizations. Only 40% of organizations track security issue introduction and continuous improvement metrics for development teams or individual developers.

Veracode, one of the application security vendors who sponsored the ESG research, recently launched the Veracode Security Labs Community Edition, an in-browser platform where developers can get free access to dozens of application security courses and containerized apps that they can exploit and patch for practice.

Any mature application security program should also cover any open-source components and frameworks because these make up a large percentage of modern application code bases and carry risks of inherited vulnerabilities and supply chain attacks. Almost half of respondents in ESG's survey said that open-source components make up over 50% of their code base and 8% said they account for two thirds of their code. Despite that, only 48% of organizations have invested in controls to deal with open-source vulnerabilities.

In its 2020 State of the Software Supply Chain report, open-source governance company Sonatype noted a 430% year-over-year growth in attacks targeting open-source software projects. These attacks are no longer passive where attackers exploit vulnerabilities after they've been publicly disclosed, but ones where attackers try to compromise and inject malware into upstream open-source projects whose code is then pulled by developers into their own applications.

In May, the GitHub security team issued a warning about a malware campaign dubbed Octopus Scanner that was backdooring NetBeans IDE projects. Malicious or compromised components have also been regularly distributed on package repositories like npm or PyPI.

The complex web of dependencies makes dealing with this issue difficult. In 2019, researchers from Darmstadt University analyzed the npm ecosystem, which is the primary source for JavaScript components. They found that any typical package loaded an average of 79 other third-party packages from 39 different maintainers. The top five packages on npm had a reach of between 134,774 and 166,086 other packages.

"When malicious code is deliberately and secretly injected upstream into open source projects, it is highly likely that no one knows the malware is there, except for the person that planted it," Sonatype said in its report. "This approach allows adversaries to surreptitiously set traps upstream, and then carry out attacks downstream once the vulnerability has moved through the supply chain and into the wild."

According to the company, between February 2015 and June 2019, 216 such "next-generation" supply chain attacks were reported, but from July 2019 to May 2020 an additional 929 attacks were documented, so this has become a very popular attack vector.

In terms of traditional attacks where hackers exploit known vulnerabilities in components, companies seem unprepared to respond quickly enough. In the case of the Apache Struts2 vulnerability that ultimately led to the Equifax breach in 2017, attackers started exploiting the vulnerability within 72 hours after it became known. More recently, a vulnerability reported in SaltStack was also exploited within three days after being announced, catching many companies unprepared.

A Sonatype survey of 679 software development professionals revealed that only 17% of organizations learn about open-source vulnerabilities within a day of public disclosure. A third learn within the first week and almost half after a week's time. Furthermore, around half of organizations required more than a week to respond to a vulnerability after learning about it and half of those took more than a month.

Both the availability and consumption of open-source components are increasing with every passing year. The JavaScript community introduced over 500,000 new component releases over the past year, pushing the npm directory to 1.3 million packages. Until May developers downloaded packages 86 billion times from npm, with Sonatype projecting that by the end of the year the figure will reach 1 trillion downloads. It's concerning that the University of Darmstadt research published last year revealed that nearly 40% of all npm packages contain or depend on code with known vulnerabilities and that 66% of vulnerabilities in npm packages remain unpatched.

In the Java ecosystem, developers downloaded 226 billion open-source software components from the Maven Central Repository in 2019, which was a 55% increase compared to 2018. Given the statistics seen in 2020, Sonatype estimates that Java components downloads will reach 376 billion this year. The company, which maintains the Central Repository and has deep insights into the data, reports that one in ten downloads was for a component with a known vulnerability.

A further analysis of 1,700 enterprise applications revealed that on average they contained 135 third-party software components, of which 90% were open source. Eleven percent of those open-source components had at least one vulnerability, but applications had on average 38 known vulnerabilities inherited from such components. It was also not uncommon to see applications assembled from 2,000 to 4,000 open-source components, highlighting the major role the open-source ecosystem plays in modern software development.

Similar component consumption trends were observed in the .NET ecosystem and the microservice ecosystem, with DockerHub receiving 2.2 container images over the past year and being on track to seeing 96 billion image pull requests by developers this year. Publicly reported supply chain attacks have involved malicious container images hosted on DockerHub and the possibility of having images with misconfigurations or vulnerabilities is also high.

The DevOps movement has fundamentally changed software development and made possible the new microservice architecture where traditional monolith applications are broken down into individually maintained services that run in their own containers. Applications no longer contain just the code necessary for their features, but also the configuration files that dictate and automate their deployment on cloud platforms, along with the resources they need. Under DevSecOps, development teams are not only responsible for writing secure code, but also deploying secure infrastructure.

In a new report, cloud security firm Accurics, which operates a platform that can detect vulnerable configurations in infrastructure-as-code templates and cloud deployments, found that 41% of organizations had hardcoded keys with privileges in their configurations that were used to provision computing resources, 89% of deployments had resources provisioned and running with overly permissive identity and access management (IAM) policies, and nearly all of them had misconfigured routing rules.


icometrix named to the 2020 CB Insights Digital Health 150 – List of Most Innovative Digital Health Startups – BioSpace

NEW YORK, Aug. 13, 2020 /PRNewswire/ -- CB Insights today named icometrix to its second annual Digital Health 150 ranking, which showcases the 150 most promising private digital health companies in the world.

The 2020 Digital Health 150 cohort highlights startups that are reimagining the lines of the traditional healthcare experience across 12 categories, from Virtual Care Delivery and Clinical Trials, to Drug Discovery and Specialty Care.

"This year's Digital Health 150 is our most global ever, covering the best private healthcare companies from 17 countries. Beyond geographic diversity, these companies are innovating across the entire healthcare value chain, spanning technologies that benefit pharma & biotech companies, to payers, hospitals, insurers, and more," said CB Insights CEO Anand Sanwal.

"We are honored to receive this renewed recognition by CB Insights," said Wim Van Hecke, CEO of icometrix. "Innovative digital health solutions are changing healthcare at a rapid pace. Through our brain MRI and CT measures, we help radiologists, neurologists, neurosurgeons, and their referring physicians to make more informed and more accurate decisions for patients with neurological disorders. With our recently launched icompanion, a free app for people with multiple sclerosis to track symptoms, treatments, physician visits, as well as view their MRI scans on-the-go. All of this contributes to enhanced patient care worldwide, providing individual patients with the right treatment at the right moment," Van Hecke concludes.

icometrix offers AI solutions to obtain clinically meaningful data from MR and CT scans. Its icobrain portfolio incorporates brain volumetrics for patients with neurological conditions in clinical practice. icolung, an AI solution launched to help fight COVID-19, quantifies lung pathology on chest CT in admitted COVID-patients. Today, icometrix is internationally active in over 100 clinical practices and works with healthcare providers and pharmaceutical companies on the evaluation of drug trials for neurological diseases.

About icometrix

icometrix (Leuven, Belgium; Chicago, USA) is the world leader in software solutions to obtain clinically meaningful data from brain MRI and CT scans. The fully automated icobrain software has market clearance in the USA, Europe, Japan, Canada, Brazil, India, and Australia. Today, the icobrain portfolio is used in patients with multiple sclerosis, dementia, and brain trauma.

Contact: Wim Van Hecke, CEO, wim.vanhecke@icometrix.com, +32 16-369-000, icometrix.com

Press Kit: https://icometrix-files.s3-eu-west-1.amazonaws.com/Press-releases/Press-Kit-icometrix-20200813.zip


SOURCE icometrix


(IMPACT OF COVID-19) Global Free Streaming Software Market Register a xx% CAGR in Terms of Revenue By 2025 With COVID-19 Outbreak- OBS Studio, Nvidia,…

Global Free Streaming Software Market 2020-2027

Global Free Streaming Software Market (Impact of COVID-19) Size, Status and Forecast 2020-2026

Global Free Streaming Software Market: Global Drivers, Restraints, Opportunities, Trends, and Forecasts up to 2027. Market overview: in the present digitized world, 80% of the data generated is unstructured. Organizations are using Free Streaming Software technology to unravel the meaning of such data to leverage business strategies and opportunities. A myriad of unstructured data is available online in the form of audio content, visual content and social footprints.

The segmental analysis focuses on revenue and forecast by Type and by Application for the period 2016-2027. The report scope furnishes vital statistics about the current market status and manufacturers. It analyzes the business in depth by considering different aspects, direction for companies, and strategy in the industry.

The latest Free Streaming Software market report published by Reports and Markets offers a competency-based analysis and global market estimate, developed using evaluable methods, to provide a clear view of current and expected growth patterns. The report also contains International Group market analysis by geographic location across the globe as well as major markets.


The key manufacturers covered in this report are: OBS Studio, Nvidia, Xsplit, Streamlabs OBS, Lightstream, and

The report provides a calculated assessment of the Free Streaming Software market data analyzed. It explains different opportunities for different industries, suppliers, organizations, and associations that offer different products and services, for example, by giving specific guidance on how to expand in the competition for reliable consumer services. The report provides detailed information on major market competitors and emerging companies with significant market share based on high-quality demand, revenue, sales, product manufacturers, and service providers.

Market Dynamics

Different parameters are used to identify either the growth of the Free Streaming Software market globally or the decline of the market. These different factors are comprehensively analyzed and solutions, as well as ways to increase the market share, are presented in the report. The market growth rate based on the volume of units sold and the value of each product manufactured is identified and is presented in detail. The market share occupied by each of the different products is analyzed for the base period that comprises the year 2016 to the year 2027 and the forecast period.

Research Methodology

The data that has been collected is from a multitude of different services that include both primary and secondary sources. The data also includes a list of the different factors that affect the Free Streaming Software market either positively or negatively. The data has been subjected to a SWOT analysis that can be used to accurately predict the various parameters that are used to measure a company's growth. The strengths along with various weaknesses faced by a company are included in the report along with a comprehensive analysis of the different threats and opportunities that can be exploited.

Overview

The report published on the global Free Streaming Software market is a comprehensive analysis of a variety of factors that are prevalent in the Free Streaming Software market. An industrial overview of the global market is provided along with the market growth hoped to be achieved with the products that are sold. Major companies who occupy a large market share and the different products sold by them in the global market are identified and are mentioned in the report. The current market share occupied by the global Free Streaming Software market from the year 2016 to the year 2027 has been presented.

Report Answers Following Questions:

What are the factors driving the growth of the market?

What factors are inhibiting market growth?

What are the future opportunities in the market?

Which are the most dynamic companies and what are their recent developments within the Free Streaming Software Market?

What key developments can be expected in the coming years?

What are the key trends observed in the market?


The report offers in-depth assessment of the growth and other aspects of the Free Streaming Software market in important countries (regions), including:

North America

Europe

Asia Pacific Counter

Middle East & Africa

Latin America

America Country (United States, Canada)

South America

Asia Country (China, Japan, India, Korea)

Europe Country (Germany, UK, France, Italy)

Other Country (Middle East, Africa, GCC)

TABLE OF CONTENT

1 Report Overview

2 Global Growth Trends

3 Market Share by Key Players

4 Breakdown Data by Type and Application

5 United States

6 Europe

7 China

8 Japan

9 Southeast Asia

10 India

11 Central & South America

12 International Players Profiles

13 Market Forecast 2020-2027

14 Analysts Viewpoints/Conclusions

15 Appendix

About Author:

Market research is the new buzzword in the market, which helps in understanding the market potential of any product in the market. This helps in understanding the market players and the growth forecast of the products and so the company. This is where market research companies come into the picture. Reports And Markets is not just another company in this domain but is a part of a veteran group called Algoro Research Consultants Pvt. Ltd. It offers premium progressive statistical surveying, market research reports, analysis & forecast data for a wide range of sectors both for the government and private agencies all across the world.

Contact Us:

Sanjay Jain

Manager Partner Relations & International

https://www.reportsandmarkets.com/

Ph: +1-352-353-0818 (US)


Free Streaming Software Market 2020 Size by Product Analysis, Application, End-Users, Regional Outlook, Competitive Strategies and Forecast to 2027 -…

New Jersey, United States - Market Research Intellect has added the latest research on the Free Streaming Software Market which offers a concise outline of the market valuation, industry size, SWOT analysis, revenue approximation, and the regional outlook of this business vertical. The report precisely features the key opportunities and challenges faced by contenders of this industry and presents the existing competitive setting and corporate strategies enforced by the Free Streaming Software market players.

The Free Streaming Software market report is an amalgamation of the key trends influencing the industry growth with respect to the competitive scenario and regions where the business has been successful. Furthermore, the study discusses the various restraints of the industry and uncovers the opportunities that will set the growth course. In addition, a holistic examination of the industry changes caused by the COVID-19 pandemic is also tagged in the report to aid investors and other participants in making well-informed decisions.

Key highlights from COVID-19 impact analysis:

Unveiling a brief about the Free Streaming Software market competitive scope:

The report includes pivotal details about the manufactured products, and in-depth company profile, remuneration, and other production patterns.

The research study encompasses information pertaining to the market share that every company holds, in tandem with the price pattern graph and the gross margins.

Free Streaming Software Market, By Type

Free Streaming Software Market, By Application

Other important inclusions in the Free Streaming Software market report:

A brief overview of the regional landscape:

Reasons To Buy:

About Us:

Market Research Intellect provides syndicated and customized research reports to clients from various industries and organizations with the aim of delivering functional expertise. We provide reports for all industries including Energy, Technology, Manufacturing and Construction, Chemicals and Materials, Food and Beverage, and more. These reports deliver an in-depth study of the market with industry analysis, the market value for regions and countries, and trends that are pertinent to the industry.

Contact Us:

Mr. Steven Fernandes

Market Research Intellect

New Jersey (USA)

Tel: +1-650-781-4080



Making the Grade: iWork is an essential tool for schools without Microsoft Office – 9to5Mac

iWork has long been thought of as the third tier of productivity suites on macOS and iOS compared to G Suite and Microsoft 365, but it combines free software with a robust local application that, when used alongside G Suite for collaboration needs, creates a vast ecosystem of tools in K-12. What are the reasons to use iWork in K-12?

About Making The Grade: Every Saturday, Bradley Chambers publishes a new article about Apple in education. He has been managing Apple devices in an education environment since 2009. Through his experience deploying and managing 100s of Macs and 100s of iPads, Bradley will highlight ways in which Apple's products work at scale, stories from the trenches of IT management, and ways Apple could improve its products for students.

When I was planning through a new lease with Apple earlier this year, I took the time to think through what applications we install locally on our school-owned Macs. We've been a G Suite customer since 2010, and we heavily rely on Google Drive for collaboration. We had previously licensed each machine with a non-subscription version of Office, but spending that amount of money again or moving to a subscription really didn't seem like a wise use of resources.

One key benefit to having iWork in K-12 installed is that it can open .pptx, .docx, and .xlsx files that users download. Without iWork, the Preview app becomes the only app on the Mac that can open these files. Alternatively, users can upload Microsoft Office docs to G Suite and edit them. Having iWork on the Mac has made training our staff much more comfortable with our new strategy of not loading Office. Instead of having to work through all the steps to upload files to G Suite, all I had to say was that iWork could open Office documents that are emailed to you or downloaded from a website like Teachers Pay Teachers. I always encourage our staff to use G Suite by default for new documents, though.

I would argue Numbers is one of the easiest-to-learn spreadsheet tools on the market. When you first launch it, there are multiple template options to pick from to start. If you want to create a class schedule for the month, Numbers has a prebuilt template for that project. Do you want to keep a simple attendance sheet on paper? Numbers has a template for that. Teachers won't have to become spreadsheet experts to get a lot of use out of Numbers.

One of the most underrated aspects of Pages on iOS and macOS is its flexibility for page layout. Word is much more rigid with placing images, text blocks, etc. With Pages, teachers can create rich material using a wealth of multimedia tools and drag and drop it exactly where they want to use it. It reminds me a lot of how Microsoft Publisher functioned, and it was used heavily by teachers to create InDesign-style documents to use in their classroom and parent materials.

For schools that are using Managed Apple IDs, iCloud File sharing provides collaboration and sharing options that work very well with Apple's hardware. If you aren't using G Suite, iCloud's folder sharing options will be an easy way to keep fellow teachers updated with essential files and documents. iCloud file and folder sharing is an add-on for iWork in K-12, but it's a free add-on that is enabled with managed Apple IDs.

Considering iWork is free, there is no reason not to use it in the classroom. It's easy to use, works great on all of Apple's hardware, and can scale up to power user needs. I didn't even mention Keynote during this article, but it's also a fantastic tool for making interactive presentations.

With our decision to get rid of Microsoft Office on all our devices, iWork has become a daily tool for our teachers to transition existing documents into Google Drive. It allows them to keep accessing all of their existing files natively on macOS. iWork in K-12 is a robust suite of tools that offers benefits even for G Suite customers.
