Security – Software Engineering Daily

Snyk is a platform for security that started with open source scanning and has expanded into container security, infrastructure as code, and other products. Snyk is a simple product to use, but has hidden complexities that build large data structures to manage and scan code dynamically. In a previous episode we discussed the core Snyk The post Snyk Engineering with Guy Podjarny appeared first on Software Engineering Daily.

Everyone is becoming increasingly aware of supply chains for physical goods.  Software has its own supply chain.  A supply of open source solutions exists as does a demand for these solutions by industry.  Both have surely grown, but it would be nice to have a way of measuring by how much. The State of Software The post The State of Software Supply Chain 2021 with Ilkka Turunen appeared first on Software Engineering Daily.

Microservice architecture has become a ubiquitous design choice.  Application developers typically have neither the training nor the interest in implementing low-level security features into their software.  For this and many other reasons, the notion of a service mesh has been introduced to provide a framework for service-to-service communication. Today’s guest is Zack Butcher.  While working The post Tetrate Service Bridge with Zack Butcher appeared first on Software Engineering Daily.

Neural networks, in particular, deep neural networks have revolutionized machine learning.  Researchers and companies have pushed on the efficiency of every aspect of the machine learning lifecycle.  The impact of the trained models is particularly significant for computer vision and in turn for autonomous driving and security systems. In this episode, I interview Forrest Iandola, The post Deploying Computer Vision to the Edge at Anduril Industries with Forrest Iandola appeared first on Software Engineering Daily.

The notebook paradigm of coding is relatively new in comparison to REPLs and IDEs.  Notebooks run in your browser and give you discrete cells for running segments of code.  All the code in a single cell runs at once, but cells run independently.  Cells can be re-run, which is a blessing and a curse.  The The post NBSafety for Jupyter Notebooks with Stephen Macke appeared first on Software Engineering Daily.

Phishing attacks, malware, and ransomware are just some of the major threats everyone connected to the internet faces.  For companies, the stakes are especially high.  Setting up a secure infrastructure is difficult.  Your adversary only needs to find one flaw to get in. Vancord is a private cybersecurity company, based in Connecticut, that was founded The post Cybersecurity Threats with Jason Pufahl and Russell Jancewicz appeared first on Software Engineering Daily.

Money laundering is not a new crime.  However, the growth of digital communications has greatly expanded the opportunity for money launderers to find innovative new ways to hide their true intent.  Some estimates suggest it could be as high as 2-5% of the world’s GDP. Unit21 is a customizable no-code platform for risk and compliance The post Detecting Money Laundering with Clarence Chio appeared first on Software Engineering Daily.

Web applications often have some sort of login system, and once a user creates an account, they have access to features anonymous users can’t see.  In time, application designers will often add an admin level of access for special users.  This is often a slow trickle of technical debt.  Proper execution of a programmatic authorization The post Authorization with Sam Scott appeared first on Software Engineering Daily.

Application security is usually done with a set of tools and services known as SIEM – Security Information and Event Management. SIEM tools usually try to provide visibility into an organization’s security systems, as well as event log management and security event notifications.  The company Panther takes traditional SIEM security a step further. Panther processes The post Panther: Security as Code with Jack Naglieri appeared first on Software Engineering Daily.

According to Fugue’s new State of Cloud Security 2020 report, cloud misconfiguration remains the top cause of data breaches in the cloud, and millions of database servers are currently exposed across cloud providers. Some of the leading reasons are a lack of adequate oversight and too many APIs and interfaces to govern. (securityaffairs.co).  Argos Security The post Argos Security: Cloud Configuration Security with David O’Brien appeared first on Software Engineering Daily.

Ryan Noon is the CEO of Material Security.   This interview was also recorded as a video podcast. Check out the video on the Software Daily YouTube channel.   Sponsorship inquiries: sponsor@softwareengineeringdaily.com The post Material Security with Ryan Noon appeared first on Software Engineering Daily.

SOC 2 is a security audit to prove that SaaS companies have secured their company and customer data. It’s often considered the minimum audit necessary to sell software. HIPAA is a federal law regulating how sensitive medical information about patients must be handled. ISO 27001 is the global benchmark for demonstrating your information security management The post Vanta: Maintaining Security Standards with Christina Cacioppo appeared first on Software Engineering Daily.

In this episode we discuss plug and play auth, password management, and crypto with Sean Li, co-founder and CEO of Magic. This interview was also recorded as a video podcast. Check out the video on the Software Daily YouTube channel. Sponsorship inquiries: sponsor@softwareengineeringdaily.com The post Magic with Sean Li appeared first on Software Engineering Daily.

Encryption algorithms provide the means to secure and transfer sensitive information by taking input and transforming it into an unreadable output. Usually a special key, or multiple keys, are needed to unscramble the information back to the original input. These algorithms power the security of everything from our cell phone lock screens to Fortune 500 The post Skiff: Secure Document Collaboration with Andrew Milich appeared first on Software Engineering Daily.

Static analysis is a type of debugging that identifies defects without running the code. Static analysis tools can be especially useful for enforcing security policies by analyzing code for security vulnerabilities early in the development process, allowing teams to rapidly address potential issues and conform to best practices. R2C has developed a fast, open-source static The post Semgrep: Modern Static Analysis with Isaac Evans appeared first on Software Engineering Daily.

Security is more important than ever, especially in regulated fields such as healthcare and financial services. Developers working in highly regulated industries often spend considerable time building tooling to help improve compliance and pass security audits. While the core of many security workflows is similar, each industry and each organization may have its own idiosyncratic The post Sym: Security Workflows with Yasyf Mohamedali appeared first on Software Engineering Daily.

Network discovery allows enterprises to identify what devices are on their network. These devices can include smartphones, servers, desktop computers, and tablets. Being able to index the devices on a network is crucial to figuring out the security profile of that network. HD Moore is a founder of Rumble Networks, a company focused on network The post Network Discovery with HD Moore appeared first on Software Engineering Daily.

Osquery is a tool for providing visibility into operating system endpoints. It is a flexible tool developed originally at Facebook. Ganesh Pai is the founder of Uptycs, a company that uses Osquery to find threats and malicious activity occurring across nodes. Ganesh joins the show to talk about Osquery usage and his work on Uptycs. The post Osquery with Ganesh Pai appeared first on Software Engineering Daily.

Anduril is a technology defense company with a focus on drones, computer vision, and other problems related to national security. It is a full-stack company that builds its own hardware and software, which leads to a great many interesting questions about cloud services, engineering workflows, and management. Gokul Subramanian is an engineer at Anduril, and The post Anduril Engineering with Gokul Subramanian appeared first on Software Engineering Daily.

Logs are the source of truth. If a company is sufficiently instrumented, the logging data that streams off of the internal infrastructure can be refined to tell a comprehensive story for what is changing across that infrastructure in real time. This includes logins, permissions changes, other events that could signal a potential security compromise. Datadog The post Security Monitoring with Marc Tremsal appeared first on Software Engineering Daily.