Independent software vendors, along with Internet of Things and cloud vendors, are involved in a market transformation that is making them look more alike. The similarities are evident in the way they approach software security initiatives, according to a report from Synopsys. Synopsys has released its ninth annual Building Security in Maturity Model, or BSIMM9.

Every child who's ever played a board game understands that the act of rolling dice yields an unpredictable result. In fact, that's why children's board games use dice in the first place: to ensure a random outcome that is -- from a macro point of view -- about the same likelihood each time the die is thrown. Consider what would happen if someone replaced the board game's dice with weighted dice.

A lot of people might have thought Oracle's announcement of the autonomous database at last year's OpenWorld and its subsequent release earlier this year were the whole story, but there's a lot more. This week's webcast featuring Larry Ellison was proof. Ellison must find his CTO role -- since he handed the CEO reins to Safra Catz and Mark Hurd -- to be stimulating and liberating at the same time.

There are times when looking at something narrowly can be more effective than taking a wider and more comprehensive view. If you don't believe me, consider the experience of looking at organisms in a microscope or watching a bird through binoculars. Distractions are minimized, allowing optimal evaluation and analysis of what's under investigation.

Red Hat has launched its Fuse 7 cloud-native integration solution and introduced Fuse Online, an alternative iPaaS. Red Hat Fuse is a lightweight modular and flexible integration platform with a new-style enterprise service bus to unlock information. It provides a single, unified platform across hybrid cloud environments for collaboration between integration experts, application developers and business users.

Oracle has been on a security campaign ever since Larry Ellison openly began discussing the new "autonomous database" -- so called because it can manage itself, including self-patching and upgrading, without human effort. The hands-off database can eliminate human labor to keep it tuned and running, according to Oracle, greatly reducing the time between availability and implementation.

A significant percentage of IT systems are cloud-based, according to a recent survey. The cloud is a key enabler for emerging technology, suggests the CompTIA poll, which was conducted last month. Cloud computing was one of four trends respondents expected to feature heavily in IT conversations over the next 12 to 18 months, the survey found. Others were AI, the IoT and cybersecurity.

In spite of all the high-profile breaches that seem to sweep the headlines with greater frequency, companies slowly but surely have been getting a handle on internal security practices. At this point, it's hard to imagine any employee, in or out of the tech sector, who hasn't been run through antiphishing training. However, security is only as strong as its weakest link.

If you're a cybersecurity practitioner, chances are good that you've heard the term "zero trust" over the past few months. If you attend trade shows, keep current with the trade media headlines, or network with peers and other security pros, you've probably at least heard the term. Depending on whom you're talking to, you'll get a different answer about what it is and why it might be useful.

WhiteSource has launched its next-generation software composition analysis technology, dubbed "Effective Usage Analysis," with the promise that it can reduce open source vulnerability alerts by 70 percent. The newly developed technology provides details beyond which components are present in the application. It provides actionable insights into how components are being used.

Black Duck by Synopsys has released the 2018 Open Source Security and Risk Analysis report, which details new concerns about software vulnerabilities amid a surge in the use of open source components in both proprietary and open source software. The report provides an in-depth look at the state of open source security, license compliance and code-quality risk in commercial software.

The Fedora Project has announced the general availability of Fedora 28, which introduces a new software delivery system based on a modular repository. The new system provides alternative versions of the software and updates that come with the default release, according to Fedora Project Leader Matthew Miller. It enables users to update specific components at the speed that meets their needs.

Smart home and consumer IoT solutions promise significant opportunities for the insurance industry in terms of reducing costs, alleviating risks, deepening customer engagement, and creating new services and revenue streams. There are many barriers ahead to overcome, but given the tremendous upside, insurance companies have begun attacking these challenges with a multi-tiered strategy.

Nearly a week after it became the target of one of the largest ransomware attacks to date, the City of Atlanta has made progress toward recovery, but it is still far from business as usual. Hackers encrypted many of the city government's vital data and computer systems. Mayor Keisha Lance Bottoms characterized the ransomware attack as "a hostage situation."

It's a truism that just like organizations adapt, so too do criminals. Anyone who has ever seen a Wells Fargo commercial knows that there was a time when stagecoaches were a normative method for transporting cash and valuables. But what modern criminals in their right mind would attempt robbing a Brink's truck on horseback? That strategy might have worked well in the days of the Pony Express.

SentinelOne has released Blacksmith, a free Linux tool that can detect Meltdown vulnerability exploitation attempts. The company has been working on a similar tool to detect Spectre vulnerability attacks. Though free, Blacksmith is not open source. SentinelOne decided to expedite its development in-house to save time, said Raj Rajamani, vice president of product management.

In the security world, there is a truism that defense is harder than offense because it's an asymmetric playing field. The bad guys need only find one path into an environment -- one place where everything hasn't been done exactly "just so" and perfectly -- while those charged with securing that environment need to protect against intrusions everywhere they have a technology footprint.

There are times when it seems like technology can work almost too well. Now, if working too well sounds to you like an impossibility, reflect that there's more to a technology than end-user experience. In addition to the experience of using the technology, there are other considerations that play a role: things like maintenance, operations and ongoing support.

Amazon Web Services on Monday unveiled a new per-second pricing plan for EC2 instances and EBS volumes, which will take effect Oct. 2. The new pricing for Elastic Compute Cloud and Elastic Block Storage used with EC2 instances will allow greater flexibility and efficiency for customers wanting to expand their use of cloud computing data, AWS said.

Federal agencies have begun using an emerging information technology tool to manage the huge amount of data the United States government generates and stores. Federal IT managers recently have embraced the concept of convergence, which has been gaining traction in the private sector. Agencies also have indicated that the approach may be useful for other federal IT applications.

Open source hiring has been hampered by a lack of trained job-takers, according to The Linux Foundation, which released its sixth annual summary of career opportunities in open source last week. The report provides an overview of open source career trends, along with factors that motivate industry professionals, and methods employers use to attract and retain qualified talent.

Ask any security practitioner about ransomware nowadays, and chances are good you'll get an earful. Recent outbreaks like Petya and WannaCry have left organizations around the world reeling, and statistics show that ransomware is on the rise. For example, 62 percent of participants surveyed for ISACA's recent "Global State of Cybersecurity" survey experienced a ransomware attack in 2016.

If you're a Linux user, at some point in some tutorial or troubleshooting guide you've more than likely encountered Linux's magic word: "sudo". A casual observer probably can tell you that it's used to access restricted functions on your computer, but there is much more to it than that. My hope is that by taking a moment to learn about the power of "sudo", you will be better equipped to use it.

By this point, most technology practitioners -- and nearly all security practitioners -- know about WannaCry. In fact, you might be sick of people analyzing it, rehashing it, sharing "lessons learned" about it, and otherwise laying out suggestions -- in some cases, contradictory -- about what you might do differently in the future. The level of unsolicited advice can border on the annoying.

Microsoft on Thursday said it has agreed to buy a Hexadite, which incorporates artificial intelligence in its automated responses to cyberthreats. The acquisition will help bolster the company's efforts to help commercial Windows 10 customers deal with advanced attacks on their networks, Microsoft said. The acquisition will include Hexadite's endpoint security automated remediation.

Competition in telecom price and service packages has been getting a lot of attention lately. However, network providers also have been pursuing other opportunities that consumers might miss if they're exposed only to traditional advertising. AT&T's cooperation with the U.S. government in developing a national emergency responder network is a case in point.

Information security practices are undergoing a transformation. For at least a decade, environments have been becoming less perimeter-centric: Gone are the good old days when in-line controls protected the trusted, safe interior from the "wild west" of the outside. As environments become more complex and externalized, the traditional "perimeter" loses meaning.

Crate.io has announced the general availability of the first non-beta release of CrateDB 1.0, an open source SQL database that enables real-time analytics for machine data applications. CrateDB is an SQL database alternative to NOSQL machine data management solutions. It gives mainstream SQL developers access to machine data applications that previously were available only using NoSQL solutions.

Chip manufacturer Broadcom on Wednesday announced that it would buy Brocade Communications, a major supplier of fiber channel storage area networking technology to data centers, for $5.5 billion in cash and the assumption of Brocade's $400 million debt. That represents a 47 percent premium over Brocade's closing share price last week, said Brocade CEO Lloyd Carney.

Red Hat and Ericsson on Wednesday announced an alliance meant to speed adoption of open source solutions in the information and communications technology space. The alliance will help promote a range of fully open source and production-ready cloud solutions, spanning OpenStack, software defined-networking and software-defined infrastructure, the companies said.