Microsoft open-sources fuzzing test framework

InfoWorld - Thu, 09/17/2020 - 6:35pm

Microsoft is looking to help developers continuously fuzz-test code prior to release, via the open source OneFuzz framework.

Described as a self-hosted fuzzing-as-a-service platform, OneFuzz enables developer-driven fuzzing to identify software vulnerabilites during the development process. Source code for OneFuzz is due to arrive on GitHub on September 18.

[ Also on InfoWorld: How to improve CI/CD with shift-left testing ]

Fuzz testing is about increasing the security and reliability of native code by finding costly, exploitable security flaws. Fuzz testing involves throwing random inputs at software to find instances in which unforeseen actions could cause software to fail.

To read this article in full, please click here

Categories: InfoWorld

Using OPA to safeguard Kubernetes

InfoWorld - Wed, 09/09/2020 - 6:00am

As more and more organizations move containerized applications into production, Kubernetes has become the de facto approach for managing those applications in private, public and hybrid cloud settings. In fact, at least 84% of organizations already use containers in production, and 78% leverage Kubernetes to deploy them, according to the Cloud Native Computing Foundation.

To read this article in full, please click here

Categories: InfoWorld

The five best Kubernetes security practices

InfoWorld - Mon, 08/31/2020 - 6:00am
Everyone is moving to containers for their programs, and to manage them, almost everyone is using Kubernetes. That leads to one big problem: How do you secure Kubernetes itself?
Categories: InfoWorld