The Qwiet blog

As the neverending stream of publications implementing Executive Order (EO) 14028 continue to drop, the National Institute of Standards and Technology (NIST) continues to provide additional guidance. At the end of August 2023, NIST released its most recent draft Special Publication (SP) 800-204D “Strategies for the Integration of Software Supply Chain Security in DevSecOps CI/CD […]

At the end of August 2023, Jenkins announced it experienced 79% growth between June 2021 and June 2023. With an estimated 44% market share, Jenkins is a critical technology automating CI/CD pipelines.  As a technology pervasive across the developer community, the Jenkins vulnerabilities announced on August 6, 2023, will likely attract attackers seeking to infiltrate […]

By Lukas Seidel Coding in dynamic languages like JavaScript and Python is fun and allows for fast iterations, but it comes with a cost. Without proper type information, developers are missing out on the ability to catch bugs early and get helpful IDE support. But the absence of properly typed variables makes life tricky not […]

As the US federal government continues to inch toward implementing the various national cybersecurity executive orders and implementation strategies, the Cybersecurity and Infrastructure Security Agency (CISA) will be publishing more documents to help companies achieve the desired outcomes. To be more succinct, agencies are going to write a lot about actions developers must take to […]

Introduction The age of SPAs, or single-page applications, has dawned. Everywhere we look, seamless user experiences and dynamic content loading take the forefront. However, such power and efficiency come with its fair share of challenges—especially in security. SPAs have revolutionized the way users interact with web applications. With faster transitions, reduced server load, and a […]

Fedora Linux has long been a favorite operating system (OS) for developers looking for an innovative, free environment. Originally developed and now sponsored by Red Hat, the open-source Fedora Project has a little something for everyone with its Workstation, Server, Internet of Things (IoT), Virtual Machine (VM), and container-optimized CoreOS options.  As a trusted open-source […]

Introduction The world of application development is a balance between providing features and ensuring security. One tool that stands as a bridge between functionality and security is the JSON Web Token (JWT). While powerful and versatile, like all tools, it requires understanding and caution in its implementation. A Primer on JWTs JWT is a concise, […]

You can admit it. You love Docker because it makes building, testing, and shipping software easier for you. The problem is that attackers love Docker, too. Even if you’re already scanning for Docker container vulnerabilities, your code could still create a data security risk. The good news is that OWASP has your back. Recognizing that […]

Most people find compliance a big ol’ snoozefest. It consumes time and resources that could be better allocated elsewhere. The language that regulatory bodies use is so “lawyered!” as to be nearly incomprehensible. For developers, the recent requirements around secure software attestations that start bringing the President’s “Executive Order on Improving the Nation’s Cybersecurity” (EO) […]