004,5_SDT052.qxp_Layout 1 9/27/21 4:50 PM Page 4
4
SD Times
October 2021
www.sdtimes.com
NEWS WATCH Postman updates its API platform The new and improved features include deeper integration with version control systems, all-new private API networks which provides a central directory of all internal APIs in an organization, and simplified API documentation and onboarding. The new version of the platform also includes a new enterprise governance feature in which team members with the Community Manager role can now view all public collection links created by all team members in one place, with the ability to see who created which link and remove any links to collections that are not for public viewing. Developers can now bring together key components with the definition of APIs including source code management, CI/CD, API gateways, and APM to help govern the entire API landscape, according to Postman.
Microsoft allows alternatives to passwords Microsoft today announced that users of Outlook, OneDrive, Family Safety, and more can now opt out of using passwords and choose alternative authentication methods, predicting that “the future is passwordless.” This comes after the company announced that passwordless sign-in was generally available for commercial users, bringing the feature to enterprise organizations around the world. Some of the alternative authentication methods that
Java 17 released with updates to LTS schedule The latest release of Java is now available. Java 17 is a long-term support (LTS) release, the last of which was Java 11. According to Oracle, over 70 JDK Enhancement Proposals (JEPs) have been added to the language since Java 11. With this LTS release, Oracle is also working to enhance support for customers. It worked with the developer community to improve LTS scheduling to give companies more flexibility on when to migrate to a new LTS version. The next LTS release will be Java 21 in September 2023, and this would change the LTS release cadence from three to two years. In order to make it easier to access, Oracle has made changes to the Java license. Java 17 and subsequent Java release will be provided under a free-to-use license until a year after the next LTS release. The company will continue to provide OpenJDK releases under the GPL as well. Another main focus of this release is accelerating Java adoption in cloud settings. Recently, the company introduced Java Management Service, which is an Oracle Cloud Infrastructure (OCI) service for managing Java runtimes and applications. According to the company, it provides visibility over Java deployments, highlights unplanned Java applications, and checks that the latest security patches have been applied. Along with Java 17’s release, Oracle is updating Java Management Service with new language enhancements, library updates, support for Apple M1 Silicon, and removal and deprecation of legacy features. Other enhancements in Java 17 include a macOS/AArch64 port, a new macOS rendering pipeline, sealed classes, and more.
Microsoft now offers include Microsoft Authenticator app, Windows Hello, a security key, or a verification code sent to your phone or email. Microsoft software users can now visit account .microsoft.com, sign in, and choose Advanced Security Options. Under “Additional Security,” you’ll see “Passwordless Account.” Select ‘Turn on.’
Broken Access Control tops OWASP 2021 list Broken Access Control has dethroned Injection as the top vulnerability in the OWASP
2021 list, whereas it previously held fifth place. The 34 Common Weakness Enumerations (CWEs) mapped to Broken Access Control had more occurrences in applications than any other category, according to the OWASP Top 10 2021. Cryptographic Failures (which was previously known as Sensitive Data Exposure) moved up from third to second place. The renewed focus here is on failures related to cryptography which often leads to sensitive data exposure or system compromise. Injection slid down to third, with Cross-site Scripting now qualifying as part of this cate-
gory. New categories of vulnerabilities this year included Insecure Design, Software and Data Integrity Failures, and Server-Side Request Forgery.
CodeSignal announces new IDE for dev hiring CodeSignal, a technical recruiting company, announced today new advanced hiring assessment capabilities. The release features the new IDE designed to test candidates’ technical skills with real-world assessments. With the new IDE, candi-
