Posts

Legit Security Enhances ASPM with Risk-Based Vulnerability Assessment

Legit Security has upgraded its application security posture management (ASPM) platform with a risk-based vulnerability assessment feature. This new feature helps DevSecOps teams prioritize vulnerabilities based on their actual risk, rather than just severity scores. By using AI and machine learning, the platform analyzes security risks in code repositories, APIs, and documentation, providing critical context for effective remediation. It also generates a continuous software bill of materials to support ongoing security management. https://www.scworld.com/brief/legit-security-enhances-aspm-with-risk-based-vulnerability-assessment

ArmorCode Integrates with ServiceNow to Enhance Vulnerability Management

ArmorCode has launched two new apps in the ServiceNow Store, enhancing vulnerability management by integrating AI-powered data correlation and remediation. The integration aggregates vulnerability data from over 260 tools into a single actionable item in ServiceNow's Vulnerability Response modules. This improves prioritization, automates deduplication, and accelerates remediation. ArmorCode's AI-driven insights help security teams reduce manual effort and focus on the most critical issues. https://www.businesswire.com/news/home/20250303468135/en/ArmorCode-Announces-ServiceNow-Vulnerability-Response-Integration-and-Apps-Now-Available-in-Store

Securing Containers Across the Software Supply Chain with Microsoft Defender for Cloud

Microsoft Defender for Cloud has introduced new container security features that span the software development lifecycle (SDLC). These include a CLI tool for scanning images during the build and development phases, vulnerability assessment for third-party registries (such as Docker Hub and JFrog Artifactory), and an AKS security dashboard for Kubernetes clusters. These additions help developers detect vulnerabilities earlier, maintain compliance, and integrate security into DevSecOps processes. https://techcommunity.microsoft.com/blog/microsoftdefendercloudblog/secure-containers-software-supply-chain-across-the-sdlc/4384925

GitLab Patches Critical Security Vulnerabilities

GitLab has addressed five security vulnerabilities in its Community and Enterprise Editions, with patches released in versions 17.7.6, 17.8.4, and 17.9.1. Two high-severity issues allow attackers to execute malicious code through cross-site scripting (XSS), while the remaining vulnerabilities could expose data to unauthorized users. The vulnerabilities were reported via GitLab's bug bounty program. Administrators are advised to update self-managed instances promptly. GitLab.com has already been patched, so GitLab Dedicated customers do not need to take further action. https://www.heise.de/en/news/Security-vulnerabilities-in-Gitlab-reported-via-bug-bounty-program-closed-10300345.html

Cryptosoft Secures Investment to Expand Software Supply Chain Security Services

Cryptosoft Inc., a provider of software supply chain managed services for dependency management and vulnerability tracking, has announced securing an investment to expand its services. This funding aims to enhance Cryptosoft's capabilities in managing software dependencies and tracking vulnerabilities, addressing critical challenges in software supply chain security. The investment underscores the growing importance of securing software supply chains and the role of managed services in mitigating associated risks. https://www.prweb.com/releases/cryptosoft-inc-secures-investment-to-expand-software-supply-chain-security-service-302387471.html

RSAC 2025: Shaping the Future of Security

The RSA Conference (RSAC) 2025 is scheduled for April 28 to May 1, 2025, at the Moscone Center in San Francisco. The event will focus on key topics such as analytics and intelligence, cloud security, fraud prevention, and incident management. Vasu Jakkal, Microsoft's Corporate Vice President of Security, will deliver a keynote on "Security in the Age of Agentic AI." Other Microsoft executives, including Aanchal Gupta, Angelica Faber, Ann Johnson, Kelly Bissell, and Sherrod DeGrippo, will also participate. Additionally, partners like Akamai, EY, Huntress, MongoDB, and Schneider Electric will be present. Attendees can engage in networking sessions, interactive activities like an exhibition 'bar crawl', learning labs, and hands-on experiences in the sandbox area, featuring activities such as capture the flag and an escape room. https://www.technologyrecord.com/article/rsac-2025-shaping-the-future-of-security

Google Calls for Industry-Wide Memory Safety Standards

Google has called for industry-wide memory safety standards to improve software security. The company emphasizes adopting secure coding practices and agreed standards to prevent the memory safety vulnerabilities that attackers exploit. By collaborating on unified guidelines, the tech industry aims to improve the overall security posture of software applications. https://www.techspot.com/news/107006-google-calls-industry-wide-memory-safety-standards-enhance.html