In today’s digital environment, no company is immune to cyberattacks. In fact, more than one-third of organizations worldwide have experienced a ransomware attack or breach that blocked access to systems or data, according to IDC.1 From the Capital One incident to the SolarWinds attack, businesses and organizations of all facets and sizes are at the forefront of such threats.

Since 2018, General Data Protection Regulation (GDPR) has been on everyone’s lips – and for good reason. It’s the gold standard for consumer protection. While privacy laws present challenges to enterprises big and small, we can’t escape the reality that consumer data is constantly mined and sold.

Gartner recently released a report highlighting the top trends in cybersecurity for 2022. They discuss how businesses must reframe their security practices, rethink their technology, and adopt new responses to modern threats. This is in line with DevSecOps trends that we see in the market and hear about from our customers. Companies that are working in this way are taking a more holistic approach to cybersecurity by adopting tools that speed up and, when possible, automate security.

With agile development, the software development life cycle has evolved, with a focus on customer satisfaction to enhance product features based on user feedback. This helps shorten the time to market, since teams can release a minimally viable product, then continuously improve its features. The agile technique encourages team cooperation through sprints, daily standups, retrospectives, testing, quality assurance and deployment.

We have many articles on what Qovery is and how to use it, but today we cover a critical topic: security! Protecting your business is probably one of the most important criteria when choosing a product, and here at Qovery, we take this topic very seriously, so let me ease your mind and show you what makes Qovery secure 🔒

It’s been a week. A long week. After the most recent Board of Directors meeting, your senior leadership tasked you with finding a security analytics solution. Over the last month, you’ve worked with leadership to develop some basic use cases to determine which solution meets your security and budget needs. You started your research, but everything on the market seems really overwhelming.

On March 30th, 2022, rumors began to swirl around a GitHub commit from a researcher containing proof of concept (POC) exploit code. The exploit targeted a zero-day in the Spring Core module of the Spring Framework, and was quickly confirmed against specific versions of Spring Core with JDK 9 and above. Anything running Tomcat is most at risk given the POC was based on Tomcat apps. This threat posture will evolve over time as new vectors and payloads are discovered and distributed.

Just a couple of days after Google announced a high-risk zero-day vulnerability in Chrome, Apple disclosed two zero-day vulnerabilities affecting their operating system on both mobile and desktop devices. The company has already issued updates for its iOS and macOS users. The patched versions are as follows: As for the Apple zero-day exploits, they were reported anonymously.