Skip to main content

SD Times news digest: WhiteSource supports Microsoft VS Code Editor, Microsoft’s Zero Trust deployment guide, and Google’s steps on OAuth 2.0 flows

WhiteSource has announced it will now integrate with Microsoft Visual Studio Code Editor. According to the company, the integration gives Visual Studio Code developers visibility and security alerts on problematic open-source components while continuing to develop within their preferred development environment.

“Integrating security testing pre-build allows issues to be detected earlier when they are easier and quicker to fix. With this integration, WhiteSource gives developers the information they need, when they need it, in their own environment,” WhiteSource wrote in a announcement.

With this new addition, WhiteSource now supports Visual Studio Code, Visual Studio, IntelliJ, and Eclipse. 

Microsoft announces Zero Trust deployment guide
Microsoft’s Zero Trust deployment guide focuses on how to deploy and configure Microsoft Cloud App Security to apply Zero Trust principles across the app ecosystem, regardless of where those apps reside.

Specifically, the guide will cover the discovery of Shadow IT to ensure that appropriate in-app permissions are enforced, gating access based on real-time analytics, monitoring for abnormal behavior based on real-time UEBA, controlling user interactions with data, and assessing the cloud security posture of an organization.

The full deployment guide is available here.

Google’s guide on setting up OAuth 2.0 flows
Google released a guide to help developers set up OAuth 2.0 in supported user-agents,and to inform developers how to enable sign-in on their framework-based apps and how to test for compatibility.

This comes after Google announced that all embedded frameworks will be blocked on January 4th, 2021 to protect users from “man-in-the-middle” attacks. 

Google recommends using browser-based OAuth 2.0 flows for app developers that use CEF or other clients for authorization on devices.

For limited-input device applications, such as applications that do not have access to a browser or have limited input capabilities, Google recommends using limited-input device OAuth 2.0 flows.

Additional details are available here.

OMG and IIC announce new IoT security maturity model
The Object Management Group and Industrial Internet Consortium has announced the release of IoT Security Maturity Model (SMM) 1.2. The new release is targeted specifically at the retail industry and point-of-sale devices.

“Internet-connected devices, from point-of-sale payment devices such as signature scanners, to audit-logging devices such as printers and cash dispensers, have dramatically increased retail industry security threats,” said Andy Mattice, co-chair of the OMG Retail Domain Task Force, and solutions enablement at Lexmark. “New threats are constantly emerging, and attackers are becoming more capable and organized. At the same time, compliance requirements for security and data protection are becoming more stringent. Retail organizations are rightly concerned about developing robust security and data protection plans.”

The model will help organization determine the level of security needed for their business.

More information is available here.

Weekly Apache news roundup 
Last week saw the release of Apache Commons JCS 3.0, JCS is a distributed caching system written in Java that adds new functionality related to multi-threaded programming below the java.util.concurrent package. 

New library releases also included Apache Log4cxx 0.11.0 and Apache CXF 3.4.0.

Apache OpenMeetings 5.0.0-M4 provides WebRTC audio/video/screen-sharing in the Room. Also, flash plugin is no longer required in the browser and Java 11 is required. 

The Big Data projects of Apache have seen a number of updates including HBase 2.3.1, Calcite 1.25.0, and Flink 1.10.2.

The full roundup is available here.

The post SD Times news digest: WhiteSource supports Microsoft VS Code Editor, Microsoft’s Zero Trust deployment guide, and Google’s steps on OAuth 2.0 flows appeared first on SD Times.



from SD Times https://ift.tt/3hL0SFl

Comments

Popular posts from this blog

Difference between Web Designer and Web Developer Neeraj Mishra The Crazy Programmer

Have you ever wondered about the distinctions between web developers’ and web designers’ duties and obligations? You’re not alone! Many people have trouble distinguishing between these two. Although they collaborate to publish new websites on the internet, web developers and web designers play very different roles. To put these job possibilities into perspective, consider the construction of a house. To create a vision for the house, including the visual components, the space planning and layout, the materials, and the overall appearance and sense of the space, you need an architect. That said, to translate an idea into a building, you need construction professionals to take those architectural drawings and put them into practice. Image Source In a similar vein, web development and design work together to create websites. Let’s examine the major responsibilities and distinctions between web developers and web designers. Let’s get going, shall we? What Does a Web Designer Do?

A guide to data integration tools

CData Software is a leader in data access and connectivity solutions. It specializes in the development of data drivers and data access technologies for real-time access to online or on-premise applications, databases and web APIs. The company is focused on bringing data connectivity capabilities natively into tools organizations already use. It also features ETL/ELT solutions, enterprise connectors, and data visualization. Matillion ’s data transformation software empowers customers to extract data from a wide number of sources, load it into their chosen cloud data warehouse (CDW) and transform that data from its siloed source state, into analytics-ready insights – prepared for advanced analytics, machine learning, and artificial intelligence use cases. Only Matillion is purpose-built for Snowflake, Amazon Redshift, Google BigQuery, and Microsoft Azure, enabling businesses to achieve new levels of simplicity, speed, scale, and savings. Trusted by companies of all sizes to meet

2022: The year of hybrid work

Remote work was once considered a luxury to many, but in 2020, it became a necessity for a large portion of the workforce, as the scary and unknown COVID-19 virus sickened and even took the lives of so many people around the world.  Some workers were able to thrive in a remote setting, while others felt isolated and struggled to keep up a balance between their work and home lives. Last year saw the availability of life-saving vaccines, so companies were able to start having the conversation about what to do next. Should they keep everyone remote? Should they go back to working in the office full time? Or should they do something in between? Enter hybrid work, which offers a mix of the two. A Fall 2021 study conducted by Google revealed that over 75% of survey respondents expect hybrid work to become a standard practice within their organization within the next three years.  Thus, two years after the world abruptly shifted to widespread adoption of remote work, we are declaring 20