ExpressVPN | November 24, 2022
Leading consumer privacy and security company ExpressVPN has validated the security posture of all its desktop apps through three new independent audits by respected cybersecurity firms, Cure53 and F-Secure. The three new audits come just weeks after KPMG's audit of ExpressVPN's no-logs policy, underlining ExpressVPN's dedication to third-party privacy and security verifications.
Cure53 tested both ExpressVPN's macOS and Linux desktop apps through white-box penetration tests and source code audits. The assessments confirm that the apps are secured against cyber security threats from malicious adversaries. This also validates the extensive work done by ExpressVPN's engineering and security experts in building a safer, more open internet for millions of people worldwide.
F-Secure also reviewed ExpressVPN's Windows v12 app through penetration testing and source code auditing, and found no significant weaknesses. The audit verifies that ExpressVPN's latest Windows desktop app cannot be manipulated to leak information, such as a user's IP address, outside the VPN tunnel. It also confirms that the app is not susceptible to remote code execution attacks.
Having all of ExpressVPN's desktop apps audited means that users can go online with the assurance that their privacy is protected, and do so confidently.
The full audit report by Cure53 for macOS can be found here and Linux here. F-Secure's audit of ExpressVPN's Windows v12 app is available here.
"As part of our continuous trust and transparency efforts, we're proud to announce that all of our desktop apps have now been audited, These audits are a testament to the efforts we put into improving and securing our product, and we're glad to receive the validation from Cure53 and F-Secure. We're committed to delivering audits on our mobile apps soon, and will continue to ensure privacy and security at every touchpoint of our product."
Brian Schirmacher, penetration testing manager at ExpressVPN
Since 2009, ExpressVPN has empowered millions of users to take control of their internet experience. The company's award-winning consumer VPN service is backed by its open-source VPN protocol Lightway, delivering user privacy in just a few clicks. ExpressVPN's Keys password manager and Aircove router make digital privacy and security easy and accessible for all. With a commitment to transparency, ExpressVPN products have been audited by PwC, Cure53, and others.
VIRTUAL DESKTOP STRATEGIES
Red Hat | November 23, 2022
Red Hat, Inc., the world's leading provider of open source solutions, today announced the general availability of Migration Toolkit for Applications 6, based on the open source project Konveyor, aimed at helping customers accelerate large-scale application modernization efforts. The toolkit enables customers to better assess, prioritize and modernize their applications across hybrid cloud environments on Red Hat OpenShift, the industry’s leading Kubernetes platform.
Few would disagree that the technology landscape has shifted dramatically in recent years. According to Red Hat’s 2022 State of Application Modernization Report, organizations plan to modernize 54% of their custom applications during the next year, and over a quarter of these workloads during the next six months. In the medium term, respondents also reported that 80% of applications will be modernized in the next two years. It’s clear that the reliance on virtualization, as we currently understand it, has shifted. Organizations are embracing cloud-native technologies to meet heightened user expectations and market competition, but this doesn’t happen overnight. With Migration Toolkit for Applications and related services and offerings, Red Hat is helping customers modernize applications at their speed and on their timelines.
Migration Toolkit for Applications is an integrated assembly of tools that support Java application modernization and migration projects at scale across a broad range of use cases. Now designed to help migration leads and developers find the best and most reliable modernization path forward, Migration Toolkit for Applications 6 includes:
New application inventory and assessment modules that assist organizations in managing, classifying and tagging their applications while assessing application suitability for deployment in containers, including flagging potential risks for migration strategies.
Full integration with source code and binary repositories to automate the retrieval of applications for analysis along with proxy integration including HTTP and HTTPS proxy configuration managed in the user interface.
Improved analysis capabilities with new analysis modes, including source and dependency modes that parse repositories to gather dependencies and add them to the overall scope of the analysis. There is also a simplified user experience to configure the analysis scope, including open source libraries.
Enhanced RBAC powered by Red Hat Single Sign-On, defining three new differentiated personas with different permissions to suit the needs of each user—administrator, architect and migrator—including credentials management for multiple credential types.
Administrator perspective to provide tool-wide configuration management for administrators.
Open source community drives containerization leap
Kubernetes is fueled by a vibrant open source community and to further drive adoption, Red Hat and IBM Research created Konveyor. Konveyor is an open source project aimed at helping modernize and migrate applications for open hybrid cloud deployments by building tools, identifying patterns and providing advice on bringing cloud-native transformation across IT. The Cloud Native Computing Foundation (CNCF) project forms the foundation for Migration Toolkit for Applications and with this set of tools, organizations can have deeper insight throughout their adoption process—whether they’re making decisions at the portfolio or application level. To learn more about the latest version of Migration Toolkit for Applications, visit the webpage here.
“Hybrid cloud isn’t just the future of computing—it’s here now, and Red Hat is determined to give our customers the tools, direction and intelligence to help them bring their applications to this new world. We know that transformation doesn’t happen overnight, which is why Red Hat Modernization Toolkit for Applications is designed to accelerate modernization, not stifle it, by easing the process of bringing traditional applications to a hybrid cloud-ready platform with analysis and automation.”
James Labocki, senior director, product management, Red Hat
About Red Hat, Inc.
Red Hat is the world’s leading provider of enterprise open source software solutions, using a community-powered approach to deliver reliable and high-performing Linux, hybrid cloud, container, and Kubernetes technologies. Red Hat helps customers integrate new and existing IT applications, develop cloud-native applications, standardize on our industry-leading operating system, and automate, secure, and manage complex environments. Award-winning support, training, and consulting services make Red Hat a trusted adviser to the Fortune 500. As a strategic partner to cloud providers, system integrators, application vendors, customers, and open source communities, Red Hat can help organizations prepare for the digital future.
VIRTUAL DESKTOP TOOLS,SERVER VIRTUALIZATION
Venafi | January 12, 2023
Vanafi, a leading provider of machine identity management, said that VMware has added its machine identity control plane to its Tanzu service mesh. With this integration, virtual machines, containers, and Kubernetes clusters can talk to each other in a secure way right out of the box. Customers will be able to set up and keep secure connections between applications, services, and other workloads with this integration. Enhanced multi-cloud and multi-cluster security helps to gain better observability, consistency, and freedom of choice when it comes to machine identity management, ensuring regulations are adhered to.
Vice president of security strategy and threat intelligence at Venafi, Kevin Bocek, said, "It's exciting to see VMware simplifying customers' cloud-native journeys while still ensuring enterprise-grade security." Moreover, he added, "Other service mesh – such as Istio, only support self-signed machine identities out-of-the-box, which fall outside of companies’ already existing machine identity management infrastructure and trust chains." Further, he said, "It's great to see VMWare is addressing this security gap by tapping into the control plane for machine identity management in a way that’s frictionless and security-team approved."
This enables Tanzu users integrate their service mesh with a trusted certificate authority (CA) of they select to support mutual Transport Layer Security (mTLS) between Kubernetes clusters. This integration will help customers automate the issuance and renewal of machine identities, generate identities from over 40 trusted certificate authorities, and gain unparalleled observability and freedom of choice over machine identity management. It will also help with compliance with regulations.
Venafi is a cybersecurity company that specializes in machine identity management. It offers solutions that manage and protect identities for various types of machines, including physical and IoT devices, software applications, APIs and containers. The company has a global visibility of all machine identity types and the risks associated with them.
Jetstack is a Venafi company that specializes in working with enterprises using Kubernetes and OpenShift. It is an open source pioneer and the creator of cert-manager, an industry standard for cloud native machine identity management. Jetstack's products and solutions protect the application environments and platform infrastructure for global organizations. Venafi has over 30 patents and serves security-conscious organizations and government agencies, including top U.S. health insurers, airlines, credit card issuers, and banks from the U.S., U.K, Australia and South Africa.