Why is Integrated Development Environment (IDE) Important? – Spiceworks News and Insights

An integrated development environment or IDE is defined as a software platform that facilitates the creation of other software applications by providing a space to write, compile, and debug code, sometimes with value-adding tools that reduce development efforts. This article explains IDEs different types and benefits and the top 12 options you can use.

An integrated development environment or IDE is a software platform that facilitates the creation of other software applications by providing a space to write, compile, and debug code, sometimes with value-adding tools that reduce development efforts.

Before the rise of integrated development environments in the early 90s, software developers had to write their code in a text editor like Notepad and then run it in a separate compiler. They would then have to observe all the errors, return to the text editor, and make changes to the code. This made software development an extremely cumbersome process as coding, compiling, and debugging happened in disjointed workflows.

The introduction of IDEs in the late 1980s changed all of this. Softlab Munich launched the worlds first integrated development environment, Maestro I, which came to be installed by thousands of programmers worldwide. Eventually, Microsoft came up with its own IDE, Visual Basic (VB), which became enormously popular. With Visual Basic, IDEs entered the mainstream technical lexicon and became an indispensable part of the development and DevOps lifecycle.

See More: What Is Version Control? Meaning, Tools, and Advantages

To fully answer the question, what is an integrated development environment? we need to look at the critical IDE components that make it work. These are:

Using the IDE is a relatively simple process. It does not require any special skills from a developer apart from coding skills, knowledge of development systems, and a basic familiarity with the IDE platforms features. Since every integrated development environment is slightly different (apart from offering the five essential components), one should know about the top applications in this segment.

See More: What Is Jenkins? Working, Uses, Pipelines, and Features

IDEs have existed for many years. Over time, IDEs have transformed from a simple platform for debugging and testing to an interconnected software package that functions as an extension of the developer. The integrated component distinguishes the finest IDE software from standard code-editing tools. Below are some of the best solutions available now for a coding experience that is simple and rich in features:

Microsoft Visual Studio is an integrated development environment (IDE) for creating programs with graphical user interfaces and consoles. It also supports websites, web apps, online services, and Windows Forms and WPF applications. Visual Studio has a code editor that supports IntelliSense (the component for code completion) and code refactoring. Additional installed tools include an integrated debugger, a code profiler, a GUI designer, a web developer, a class designer, and a database schema designer.

Eclipse is among the most well-known integrated development environments (IDEs) for Java. It is a desktop program that runs on several platforms. Eclipses user interface is among its most compelling features. It also supports drag-and-drop capabilities. One may also perform a static analysis on your code. Additionally, it supports debugging and profiling.

Netbeans is an open-source and free IDE. Ideal for tweaking existing projects or developing from scratch, NetBeans has an intuitive drag-and-drop interface and a multitude of helpful project templates. It is generally used for Java application development, although you may acquire packages that enable other languages.

Amethyst 2 is an integrated development environment (IDE) created by Huw Collingbourne and Dermot Hogan in 2006. Amethyst 2 is available in two editions: Amethyst Ultimate, a paid version, and Amethyst Personal, a free edition. Amethyst Ultimate offers several tools, such as Amethyst Designer, a debugger, code refactoring, etc.

Android Studio, the official Android IDE, offers the most straightforward tools for developing apps for all Android devices. Combining a configurable build system and a rapid build/deploy system enables developers to concentrate on creating feature-rich, high-quality applications and deliver promptly. Additionally, it offers an entirely free IDE.

See More: What Is Serverless? Definition, Architecture, Examples, and Applications

BlueJ is intended for university course administration and operates on Mac OS X, Windows, Linux, and other Java-based systems. It allows newcomers to begin immediately without being overwhelmed by options. BlueJ is pre-installed on the Raspberry Pi image as part of the Raspbian distribution. It is most suitable for individual programmers or small-scale software development companies. Developers may evaluate their programs and interact with brand-new items.

Komodo is accessible to almost all programmers since it supports most prominent programming languages. The simplified UI facilitates complex editing. Komodo is a commonly used IDE for mobile and web development due to its Syntax Checker and one-step troubleshooting (or debugging) capabilities. It integrates with CVS, Bazaar, Mercurial, Git, Subversion, and Perforce version control systems.

C-Free is a free integrated development environment (IDE) for C and C++ development that may be used either as an editor or as a standalone programming environment. One may independently modify, develop, and debug applications using a single, consistent process with embedded tools and capabilities that increase your skills. C-Free is also compact, with a 14MB installation size and an unpacked size of 80MB.

IntelliJ IDEA is a Java-based IDE for writing applications in Java, Kotlin, Groovy, and other JVM-based programming languages. It was created by JetBrains and is offered in two variants the official commercial edition and the Apache 2 community edition. The Ultimate edition of the IDE offers connected versioning systems, database management systems, and build or packaging tools.

AWS Cloud9 is a cloud-based IDE hosted by Amazon Web Services (AWS) that enables users to create, execute, and debug code using only a web browser. It comes with a code editor, a debugger, and a terminal. Cloud9 has pre-installed tools for major programming languages, such as JavaScript, Python, PHP, and others. With Cloud9, you can instantly offer your programming environment to your colleagues, allowing you to pair applications and monitor each others actions in real time. It also provides a smooth development experience for serverless apps.

Selenium IDE refers to Selenium Integrated Development Environment. This Firefox extension allows users to record their activities and export them as scripts in various computer languages. The recording function of Selenium IDE offers an intuitive interface for creating automated tests. The recording and replay function makes learning very simple with minimum programming language experience.

Numerous Java developers are acquainted with the local IDE Eclipse, which has been prominent for some time. It is the cloud-based edition that provides developers with a variety of capabilities. It is open-source, open to hosting on a users infrastructure, and compatible with public and private clouds and on-premises servers. Eclipse Che is consistent with a broad range of programming frameworks and languages. It is a Kubernetes-native IDE that facilitates centrally hosted workspaces with a single click.

See More: DevOps Roadmap: 7-Step Complete Guide

The global market for IDEs is worth billions of dollars, and it includes a variety of IDEs. The most noteworthy are:

Cloud-based IDEs are beginning to gain popularity. The features of these web-first IDEs are fast expanding, and all large manufacturers will probably need to provide one to remain competitive. Cloud-based IDEs allow developers to access their work from any location. Nitrous and AWS Cloud9 are both cloud-based development environment platforms that support Ruby, Python, Node.js, and other languages.

There are specialized IDEs for developers who work in a single language. CodeLite and C-Free for C/C++, Jikes and Jcreator for Java, Idle for Python, and RubyMine for Ruby/Rails are other instances. However, there has recently been a shift toward multilingual IDEs for their versatility. Sometimes, through plugins, developers may also get support for additional languages. Flycheck, for instance, is a syntax-checking plugin for GNU Emacs 24 that supports 39 different languages.

The multilanguage IDEs support many programming languages. Eclipse supports languages such as Perl, C, C++, Ruby, Python, Java, and PHP, among others. It is an open-source and free editor for several frameworks for software development. It started as a Java programming environment but has since grown by adding plugins. This integrated development environment is governed and supervised under the aegis of the Eclipse.org Consortium.

HTML application development environments are among the most prevalent IDEs available. For instance, DreamWeaver, HomeSite, and FrontPage automate several website development-related processes. These are crucial for building web-based software as a service (SaaS).

There are specialized IDEs for mobile development, such as Titanium Mobile from Appcelerator and PhoneGap. Numerous IDEs, particularly multilingual ones, include mobile-development plugins. Eclipse, for instance, has similar features. Xcode also enables the Swift and Objective-C programming languages and the Cocoa Touch and Cocoa APIs. This integrated development environment (IDE) is dedicated to creating Mac and iOS apps and contains an iPad/iPhone simulation creator and GUI designer.

See More: Top 10 DevOps Automation Tools in 2021

Developers use various tools throughout the authoring, creation, and testing phases of software development. Text editors, code libraries, software for tracking bugs, compilers, and testing platforms are some of the most prevalent development tools. Without an IDE, a developer must independently select, install, connect, and manage these tools.

An integrated development environment incorporates multiple development-related technologies into a single framework. When all utilities are displayed on a single workbench, developers do not need to spend countless hours learning how to use each one independently. This is especially useful for novice developers who may utilize an IDE to discover a teams essential processes and tools.

Integrated development environments (IDEs) are extremely important for DevOps teams for the following reasons:

Without an IDE interface, programmers must configure numerous development tools individually. By combining an IDE, developers may access the identical list of capabilities in one location, eliminating the need to often transfer between tools. Integration of development responsibilities more tightly also increases developer efficiency. No longer must programmers move between applications to complete tasks. In addition, the IDEs tools and features assist programmers in organizing resources, preventing errors, and implementing shortcuts.

A group of software developers and DevOps engineers will stick to a standardized method of operations by working within the same development environment. If the integrated development environment (IDE) provides preset templates or if code libraries are shared across multiple individuals or teams working on the same project, one may enforce standards further. It also governs the development process, making it easier for programmers to collaborate and enabling recruits to get prepped quickly so they can start as soon as possible.

Instead of working like a code editor, the IDE will do additional checks to guarantee that the code is error-free and enable users to compile the code so that they may execute it instantly. Whether one is a language-specific developer or not, this may save time and reduce the number of intermediary stages in any process.

See More: What is Root-Cause Analysis? Working, Templates, and Examples

Cloud-based IDEs may interface with several open-source management solutions through plugins and application programming interfaces (APIs). Numerous open-source code management systems are often compatible with cloud-based IDEs. GitHub is a cloud-based code-sharing and version control application that enables users to build their workflows. Bitbucket is an additional code collaboration platform that many developers use in their tech stack; it connects with developers preferred cloud IDEs and provides users with limitless private repositories. It is versatile because it can import across CodePlex, Git, and Google Code.

Developers require a compiler to convert source code to an executable. The compiler turns source code into platform-specific machine code. Compilers and associated development tools, including debuggers and profilers, are generally included inside an integrated development environment (IDE). Most compilers are intended to operate with a particular IDE or editor.

When constructing via the command line, makefiles may supply the compiler with instructions on constructing the executable. Many programmers prefer utilizing an integrated development environment (IDE) rather than makefiles because it gives all the necessary tools in a single location and avoids incompatibility concerns between multiple compilers and target systems.

Integrated development environments (IDEs) boost developer productivity, decrease installation time and accelerate development activities by keeping developers informed of the most current threats, best practices, and standardizing the development cycle so everyone can participate. They enable programmers to consider their actions in terms of the complete software development life cycle (SDLC) instead of a number of different activities.

Despite these advantages that render integrated development environments highly essential to businesses, there are a few things to keep in mind. While application security is a top concern for developers, handling security testing in an IDE can be very difficult. In addition, it is difficult for young engineers to master an IDE in addition to coding. In addition, sometimes complex coding techniques and shortcuts obfuscate essential but everyday language nuances. When studying a new language, paying close attention to minor details is vital. Utilizing an IDE may make it more challenging to learn a new language.

Developers use integrated development environments to facilitate their job. They aid in streamlining and simplifying the coding process, particularly for complicated codes. The scale of the project and other criteria, like version control system, and programming languages, influence the selection of an IDE.

See More: DevOps vs. Agile Methodology: Key Differences and Similarities

Integrated development environments (IDEs) are among the essential components of a DevOps toolkit. It helps you write code without errors and speeds up build processes. In recent years, IDEs have evolved in leaps and bounds, allowing you to develop apps for multiple devices even for IoT, such as smart cars. IDE adoption has become easier, thanks to the cloud and IDE-as-a-Service. In short, there is no shortage of options to choose from when selecting the best IDE for your needs.

Did this article help you understand the meaning and importance of IDEs? Tell us on Facebook, Twitter, and LinkedIn. Wed love to hear from you!

Image Source: Shutterstock

Go here to see the original:
Why is Integrated Development Environment (IDE) Important? - Spiceworks News and Insights

Open source to open door: Software emerges as risk to the grid – E&E News

The worst computer vulnerability in recent years was in a ubiquitous piece of open-source software a bug that was as simple to exploit as it was difficult to patch.

The Apache Log4j security flaw opened the door to millions of computers, but the extent of the damage still isnt fully understood. Nearly a year later, federal officials and Congress are still discussing how to avoid another potential disaster.

Open source, which is code that is open to everyone to use or edit, can be found in nearly every type of modern technology. It has served as the backbone of the internet, and is pervasive throughout the economy including in the energy sector.

That makes it a looming issue for energy cybersecurity.

Of course, [the Energy Department] is concerned about open-source software, said Cheri Caddy, a former senior adviser at DOE who is currently director of cyber policy and plans at the Office of the National Cyber Director. Open-source software is a part of all software development, whether its [operational technology] or IT. Its just ubiquitous in everything now.

The Log4j security lapse highlighted some of the key concerns: The development team was small, the software was found in nearly every industry, and many companies were unsure if they even had the code in their products.

The problem, experts say, is not that open source is inherently less secure than proprietary software. Its not. But a few lines of code can be adopted throughout an entire industry.

When those few lines contain a serious vulnerability, that can be a problem for critical infrastructure, including the grid. It can become an open door that allows malicious hackers to walk into critical systems especially when utilities arent aware that the door even exists.

In the energy sector, open-source software is everywhere, said Virginia Wright, an energy cybersecurity portfolio program manager at Idaho National Laboratory (INL).

Wright manages a DOE grid vulnerability testing bed called Cyber Testing for Resilient Industrial Control Systems (CyTRICS). The program, run by six DOE labs and led by INL, ferrets out vulnerabilities in the software that runs the power grid.

One hundred percent of the systems that we have looked at have contained open-source software, Wright said.

CyTRICS works on a voluntary basis with some of the biggest grid equipment manufacturers, like Hitachi Energy and Schweitzer Engineering Laboratories. Once a vulnerability is found, the lab reaches out to the manufacturers with potential mitigation measures to help patch the bug.

Sometimes that includes publicly known vulnerabilities. Because open-source software is freely available and widely used, vendors may not be aware that a vulnerability and patch even exist, Wright said.

Wright said that the labs have seen grid equipment vendors selling older versions of their products with known vulnerabilities and fixes. Some of that software is even updated in those vendors own systems, and their customers are buying it with all of the vulnerabilities attached, Wright said.

To avoid software with vulnerabilities, utilities need to employ a pretty rigorous evaluation and testing process on their own, she said.

The bipartisan infrastructure bill codifies and places the CyTRICS program under the Cyber Sense program. By September of next year, DOE aims to analyze around 10 percent of critical components in energy systems and expand the programs voluntary partnerships to cover around 15 percent of market share, according to DOEs two-year performance goal.

DOE also launched a pilot program for an energy-focused software bill of materials, which is similar to the food industrys ingredient label. Such a label, experts say, can increase visibility into the software that runs critical infrastructure.

Congress also has begun to take further action. Sens. Gary Peters (D-Mich.) and Rob Portman (R-Ohio) the chair and ranking member, respectively, of the Senate Homeland Security and Governmental Affairs Committee have moved forward legislation that would direct the Cybersecurity and Infrastructure Security Agency to study ways to mitigate risks in critical infrastructure that uses open-source software.

The transparency of open-source software means that malicious hackers can look at the source code to find new vulnerabilities, said Keith Lunden, manager of cyber physical threat analysis at cybersecurity firm Mandiant.

However, its a two-way street. Cybersecurity researchers have the same access, so they can identify and fix those vulnerabilities before malicious hackers have a chance to exploit them, Lunden said.

And unlike proprietary software, open-source software doesnt have a shelf life. Vendors will eventually stop supporting a software product; the same isnt true for open-source. For industrial systems that are designed to operate for decades, that longevity is key.

With open-source software, the community has access to the source, and they can independently develop patches indefinitely, which can be an important factor for OT security, Lunden said.

At least thats the idea.

The flexibility of open source can mean that its constantly branching into new code: Individuals and companies may adapt it for their use, potentially creating new vulnerabilities.

Thomas Pace, co-founder of cybersecurity firm NetRise and a former DOE contractor in industrial control security, said he knows of a major telecommunications vendor that will take open-source software and rewrite portions of the code.

That just then introduces a different set of problems, right? Because now you have to maintain your own code versus the whole community maintaining the code, he said. Is that better, is that worse? Thats a debate.

An open-source bug can also mean widespread risk. In 2014, hackers took advantage of a massive vulnerability in an open-source encryption program called OpenSSL.

But the incident, called Heartbleed, was a single vulnerability. Once the bug is fixed, the onus is on vendors and owners to patch their system. If, instead, each software vendor created their own version of OpenSSL, there would be multiple vulnerabilities in each version.

So its about a trade-off, said Wright.

The discovery of the Log4j vulnerability prompted the White House to hold an open-source software security summit last January. The meeting which included top U.S. cyber experts, agency officials and open-source leaders like the Linux Foundation aimed to improve federal and private collaboration so the software would be more secure.

In the months since, the Cybersecurity and Infrastructure Security Agency has promoted the use of a software bill of materials as a step to secure open-source software. CISA also plans to work with the open-source security community to identify commonly used code in critical infrastructure, in an effort to better understand where collaboration can take place.

But the agency highlighted that it can be a challenge to work with an open-source community when, by definition, its open to anyone. While there are some foundations that promote open-source development, software is often developed by small teams or single individuals.

In the meantime, CISA, the National Security Agency and Office of the Director of National Intelligence released best practices for open source developers to better secure their code.

As for the Log4j vulnerability, significant risk remains, according to a report this year from the Department of Homeland Securitys Cyber Safety Review Board.

The board, created by executive order in 2021, found that systems using the vulnerable Log4j version would be a major issue for perhaps a decade or longer.

The report concludes that the vulnerability did not lead to significant cyberattacks to critical infrastructure.

But NetRises Pace called that an impossible statement, and even the report notes that its not so cut-and-dried.

While cybersecurity vendors were able to provide some anecdotal evidence of exploitation, no authoritative source exists to understand exploitation trends across geographies, industries, or ecosystems. Many organizations do not even collect information on specific Log4j exploitation, and reporting is still largely voluntary, the board wrote in the report.

In short, organizations themselves sometimes arent aware that they have been targeted by malicious hackers. There is no list of where the Log4j software is installed.

The report also highlights the security risks unique to the thinly-resourced, volunteer-based open source community. It calls for centralized resources to help developers ensure their code is created to the latest security standards.

Just as the software industry has enabled the democratization of software programming the ability for anyone to generate software with little or no formal training we must also democratize security by banking security by default into the platforms used to generate, build, deploy, and manage software at scale, the report concludes.

Excerpt from:
Open source to open door: Software emerges as risk to the grid - E&E News

BianLian Ransomware Encrypts Files in the Blink of an Eye – BlackBerry Blog

Minutes make the difference to defenders in responding to a ransomware attack on a victims network. BianLian ransomware raises the cybercriminal bar by encrypting files with exceptional speed.

Threat actors built the new BianLian ransomware in the Go programming language (aka Golang). Despite the large size of files created in Go, threat actors are turning to this exotic programming language more often for a variety of reasons, particularly its robust support for concurrency. This is the ability for various malicious functions to run independently of each other, which speeds up the attack.

In addition to an overview of the BianLian ransomware, this post also highlights some of the unique aspects of Golang that makes it an increasingly popular choice for malware authors.

Risk & Impact

Bian Lian is an ancient dramatic art that originates in China. Artists move about the stage in brightly colored outfits and colored masks. The performers are so quick to change the masks that, with the swipe of a fan or the blink of an eye, their costumes face completely changes. We can now add a new meaning to the term Bian Lian, because a ransomware group took the name and made it their own.

Research from Cyble found that this threat group targets many different industry sectors. Their targets have historically included manufacturing, education, healthcare, professional services, energy, banking, financial services, and insurance (BFSI), and the entertainment industry.

As of September 20, 2022, the groups leak site includes 23 victims. BlackBerry researchers analyzed the list of victims and determined that this group targets corporations rather than specific countries. The listed victims have varied origins, including the United States, Australia, and the United Kingdom.

Why do these operators target English-speaking countries? Its likely the threat actor is financially motivated rather than politically or geographically orientated. And at this point, the group has not claimed any affiliation with any nation state or agenda.

BianLian ransomware shares its name with a malicious Android package (APK) application that was previously hosted on the Google Play store, but it has since been removed. This malicious application was also dubbed BianLian by ThreatFabric.

This identically named malware used a dropper from the Google Play store to install a malicious file from the infamous Anubis Banker Trojan. From there, the threat actor would use a messaging service to deliver command-and-control (C2) commands and steal user credentials. At the time of writing, no one has claimed any relation between these two malware families aside from the name theyve been given.

BianLian ransomware is written in Golang. As we discussed in a recent whitepaper, Golang is an open-source programming language designed by Google employees. The languages official first release was in March 2012, and it quickly became a mainstay language for large industry organizations such as Apple, Google, and IBM.

Golang comes with a large standard library, garbage collection cleanup, and concurrency support. Concurrency means that multiple computations can take place at the same time through a process called multithreading. To enable this, Go uses Goroutines", which allow for asynchronous execution of functions or methods independently from each other. This concurrency allows for quicker encryption of the target system.

Go can compile code for Windows, Linux, and OS X. This feature makes it possible for malware authors to create threats that impact all the major operating systems, if they choose to.

Go libraries are statically linked, which means all the necessary libraries are included in the compiled binary. In languages where this is not the case, developers will either include the libraries separately from the main executable, or they will have to hope that the target machine has the needed libraries already installed on their machine. Including these libraries makes for a larger file that is harder to distribute, but larger files might also be ignored by antivirus (AV) engines that are trying to optimize for speed.

The sample we will be analyzing in this post is named anabolic.exe (SHA256: 46d340eaf6b78207e24b6011422f1a5b4a566e493d72365c6a1cace11c36b28b). This file is a 64-bit executable compiled with Golang version 1.18.3.

When a Golang program is built, it generates a BuildID. A BuildID in Golang is a unique representation of the file and its contents. The BuildID is in the first 32 kb of the binary file, though the exact position can vary depending on the operating system its compiled for. The file in focus here is a portable executable (PE) file.

Looking closer, a BuildID is comprised of a hash of the filenames and the contents of the application, and it is segmented into two parts: actionID and ContentID. The actionID is a hash of the inputs that produced the packages or binary, and the contentID is the hash of the action output. This action output is the binary itself. The buildID of anabolic.exe is shown below in Figure 1.

Figure 1: Build ID from 46d340eaf6b78207e24b6011422f1a5b4a566e493d72365c6a1cace11c36b28b

The command used to compile the program is also stored in the binary. To compile a program with Go, you use the Go build command. This command compiles all the packages and dependencies necessary for the application.

For the sample were analyzing in this blog, this build path was given two arguments, shown below in Figure 2. The argument commands given are gcflags and trimpath. -Gcflags relates to flags passed to the compiler, and -trimpath removes all absolute file system paths from the executable. This is an attempt to remove user path directories.

Its useful to note the last part of the path here: crypt22. This can mark iterations of development from the actor, as this number has changed between samples in the wild.

Figure 2: Crypt project path

The author packaged all the ransomware's functionalities into a common package. A package is a collection of source files in the same directory that are compiled together. Static analysis of the strings in pestudio provides us with an idea of what the samples capabilities are.

From this information, we can see it will likely rename files, and it can also chunk files into smaller blocks for processing, query drive information, and check file extensions. Project pathing for this functionality is shown in Figure 3.

Figure 3. Common package functions

Upon execution of the file, the application searches the host machine for all possible drive names. To do this, the ransomware uses GetDriveTypeW from the kernell32 library. This functionality is accessed via the GetProcAddress API call, which retrieves the address of the function. The purpose of this action is to ensure that the ransomware can encrypt all connected or potential media. The call starts from A:\ and checks all the way to Z:\.

Debugger output demonstrating a snippet of this activity is shown in Figure 4.

Figure 4. GetDriveTypeW call with drives

Once all the drives are populated, the threat begins its ransom process. The ransomware encrypts files using the standard library crypto package in Go. These packages are open-source libraries used to provide cryptographic functionality, like the base CryptoAPI provided in Windows environments.

The ransomware drops a .TXT file into the directory where the file was run, named Look at this instruction.txt. The ransom note is shown in its entirety in Figure 5.

This text file contains information regarding how to contact the threat actor to restore your data. To contact the threat actors, victims can either download the peer-to-peer encrypted chat service application Tox messenger, or they can email the group directly.

The threat actor gives their victims 10 days before publicly releasing their stolen data on the operators .onion site. The note does not indicate how much money the threat actors want for payment.

Figure 5. BianLian ransom note

From here, this process is repeated in multiple threads to ensure a speedy encryption.

The ransomware targets any drive found on the system, including mounted drives, and encrypts anything that is not an executable, driver, or text file. These exclusions are meant to avoid encrypting either the ransom note, or anything that might cause the system to malfunction. The excluded files types are located within their directories by using FindFirstFileW and FindNextFileW. The lpFindFileData return value holds the information on the directory found, and FindNextFileW is used to step through the files returned with FindFirstFileW.

The files are cut into small chunks and the encryption is multithreaded to increase the speed of this operation. Figure 6 shows a snapshot of the read/write execution steps the ransomware takes to encrypt the files on the system. The output shows the read/write length of the buffer at 16 bytes, which is kept consistent throughout the execution of the file. After encryption, filenames are appended with a .bianlian extension and closed.

Figure 6. Ransomware read/write procmon

We did not observe any network interaction in this sample. This means the threat actor could have deployed the sample directly on the system with remote access.

As highlighted by cybersecurity services firm called [redacted], it is likely the BianLian threat groups initial access is gained via the ProxyShell vulnerability chain or a SonicWall VPN firmware vulnerability. From here, the threat actor moves laterally to find targets of interest, escalates their privileges, and deploys the BianLian ransomware. Then, using dropped copies of WinSCP and 7-Zip to archive and transfer chosen files, data is extracted and sent back to the threat actor. Additionally, threat operators might install backdoors on the systems to maintain access to the infected system.

BianLian is a relatively new threat actor that targets a wide range of industries. As they are likely financially motivated, they will continue their efforts to exploit systems and networks they gain access to. Their Golang-based ransomware utilizes goroutines and encrypts files in chunks to quickly ransom an infected system. The threat actor targets multiple industries in multiple countries. Their deployment method is manual infiltration of the system, and they use living-off-the-land (LotL) binaries to explore the networks and systems themselves. Once they find all the information they want, they deploy their ransomware.

To date, this ransomware group has targeted the following industries: professional services, manufacturing, healthcare, energy, media, banks, and education sectors. Their targets thus far reside in the United States, Australia, and the United Kingdom. There is no indication that they are necessarily limited to these industries or countries.

File Carving (D3-FC) Use the file carving technique to examine files sent over the network.

File Access Pattern Analysis (D3-FAPA) Identify the way an application accesses files; target could be the multiple read/writes on files that ransomware employs.

Remote Terminal Session Detection (D3-RTSD) Detect unauthored remote sessions through network traffic.

File Creation Analysis (D3-FCA) Ransomware creates ransom notes; this behavior can be detected.

The following YARA rule was authored by the BlackBerry Research & Intelligence Team to catch the threat described in this document:

46d340eaf6b78207e24b6011422f1a5b4a566e493d72365c6a1cace11c36b28b

117a057829cd9abb5fba20d3ab479fc92ed64c647fdc1b7cd4e0f44609d770ea

1fd07b8d1728e416f897bef4f1471126f9b18ef108eb952f4b75050da22e8e43

eaf5e26c5e73f3db82cd07ea45e4d244ccb3ec3397ab5263a1a74add7bbcb6e2

cbab4614a2cdd65eb619a4dd0b5e726f0a94483212945f110694098194f77095

Redacted blog: https://redacted.com/blog/bianlian-ransomware-gang-gives-it-a-go/ Cyble: https://blog.cyble.com/2022/08/18/bianlian-new-ransomware-variant-on-the-rise/ Go.dev documentation: https://go.dev/src/cmd/go/internal/work/buildid.go Go Routines: https://golangbot.com/goroutines/ Go.dev Crypto Documentation: https://pkg.go.dev/crypto Microsoft Documentation: https://learn.microsoft.com/en-us/ ThreatFabric: https://www.threatfabric.com/blogs/bianlian_from_rags_to_riches_the_malware_dropper_that_had_a_dream.html

If youre battling this malware or a similar threat, youve come to the right place, regardless of your existing BlackBerry relationship.

The BlackBerry Incident Response teamis made up of world-class consultants dedicated to handling response and containment services for a wide range of incidents, including ransomware and Advanced Persistent Threat (APT) cases.

We have a global consulting team standing by to assist you, providing around-the-clock support where required, as well as local assistance. Please contact us here:https://www.blackberry.com/us/en/forms/cylance/handraiser/emergency-incident-response-containment

Related Reading

The BlackBerry Research & Intelligence team examines emerging and persistent threats, providing intelligence analysis for the benefit of defenders and the organizations they serve.

Originally posted here:
BianLian Ransomware Encrypts Files in the Blink of an Eye - BlackBerry Blog

Web Developer Responsibilities, Skills, and Salary – Spiceworks News and Insights

A web developer is defined as a technical professional responsible for building applications and websites to be hosted on the internet, typically working in close collaboration with a graphic designer or product manager to translate programming logic and design ideas into web-compatible code. This article explains the roles and responsibilities of web developers, the skills they require, and salary expectations in 2022.

A web developer is a technical professional responsible for building applications and websites hosted on the internet, typically working in close collaboration with a graphic designer or product manager to translate programming logic and design ideas into web-compatible code.

A web developer is an expert in designing and developing websites. They guarantee that websites satisfy users expectations by ensuring they are aesthetically pleasing, operate without hiccups, and provide quick entry points with no loading difficulties or error messages.

A web developer is accountable for a company websites code, design, and layout. Due to the roles emphasis on user experience and functionality, visual design and programming skills (like COBOL), are required. After a website has been developed, a web developer will typically help with its upkeep and maintenance.

The popularity of digital marketing is now increasing, and many businesses plan to offer their goods and services online. Nevertheless, not all companies have achieved their digital marketing objectives. A site with a design that is five years woefully out of date will not attract the attention of modern online users.

Serious players are aware of this, so they often update their websites to provide the most recent experience. The strong interest among small/mid-sized entrepreneurs in implementing digital sites and the continual need to modernize outdated technology are propelling the web development market to new heights.

The Bureau of Labor Statistics (BLS) projects that demands for web developers will increase by 8% between 2019 and 2029, which is faster than the average for all occupations.

Full-stack web developer, front-end web developer, and back-end web developer are some of the critical roles to look at on this path:

Regardless of the web developer job description (front-end, back-end, or full-stack), prospective developers have two key career options. Depending on your preferences, you may apply for compensated positions in organizations or operate as an independent web developer.

Online development experts with extensive experience typically design, create and optimize web apps and websites from end to end. They have extensive knowledge of SEO (Search Engine Optimization) best practices, web development programming languages, and extensive experience. Typically, senior web developers oversee teams composed of younger engineers.

See More: What Is Serverless? Definition, Architecture, Examples, and Applications

Typically, a web developer is tasked with the following:

1. Creating the website through programming (and not no-code tools)

The primary professional objective of a web developer is to write code to make a website. They must employ various programming techniques and tools to deliver high-quality results. In addition, they must conform to contemporary web development standards and ethics. The developer must maintain a coding environment that is reusable, understandable, and simple to modify or debug. Additionally, they must often update the program to retain a flexible coding framework.

2. Testing the website before deployment and then at regular intervals

Developers must routinely examine their websites to detect flaws early. Before publishing the program, they must review the code for potential bugs. Thorough testing will avoid future issues. To guarantee that the standards are completed, they must also get continuous input from clients and consumers.

3. Debugging the website code

Bugs make a website ineffective when the coding cannot offer website visitors functionality. After debugging, a web developer optimizes the code to improve performance. Regular testing and validation of the code guarantee that the code functions as intended and that a website application continues to be operational. The capacity to detect, evaluate, and eliminate mistakes may facilitate a positive user experience and promote business growth.

4. Maintaining the website and supporting the organization/client on website updates

To keep customers happy, a site must respond as quickly as feasible. If an application opens slowly, customers will be less likely to use it again. Therefore, site developers must guarantee that all functions are operational. This position involves spreading updates to maintain the websites functionality. They must ensure that all security protocols are in place and promptly detect anomalies.

5. Collaborating with designers to understand and execute their vision

Web developers collaborate with creative specialists and designers to extract the intended visual outcomes for a website. This part of web development is necessary for creating a responsive product. The web developer interacts with the designers to effectively guarantee the implementation of key features and functionalities. The objective is to develop a consistent theme throughout all web pages.

The primary area of operations for the designer is curating the sites graphics and branding. However, the web developer executes the coding necessary for the visual components to function. Therefore, they must work successfully and transparently, each feeding off the others ideas.

6. Connecting the database and maintaining integrations

Because almost all software manipulates large amounts of data, database management is essential. Offline use of the program necessitates data synchronization between internal memory and remote databases. This is why mobile developers must have database knowledge. SQLite is crucial for mobile coding because it enables data to be stored forever.

7. Ensuring responsive design

A responsive website seamlessly adapts to various screen sizes, including those of mobile phones, tablets, and desktop computers. This technique utilizes a combination of flexible grids and layouts, media, and intelligent code to guarantee that web pages scale appropriately to accommodate various screen sizes.

Web pages might seem broken if their design is not responsive, impacting the websites number of visits. Creating a responsive site design may play a pivotal role in web development, as it can enhance the user experience, thereby increasing conversions.

In addition to these essential duties, additional responsibilities may include:

In short, web developers are responsible for creating and maintaining websites. Typically, they will spend their time developing code languages like HTML5, which is used by many mobile devices and maintaining the sites technical elements, such as its ability to manage traffic without crashing.

A web developer is responsible for the design and functionality of websites. They interact with the web and visual designers, analyze website traffic, handle website issues, and upgrade websites as required. The everyday activities of web developers vary by industry, job, and assignment. Frequently, developers must communicate with customers, arrange online layouts, write code to allow site functionality, and create or add verbal or graphic content to the code framework.

See More: DevOps Roadmap: 7-Step Complete Guide

A remarkable portfolio and good knowledge of HTML will set you up for surefire success as a web developer. However, there are other qualities that will advance your career and drive success in the area of web development:

Coding is one of the most important hard skills required of a web developer, and these individuals must be proficient in several of the programming languages listed below:

In addition, web developers must show proficiency in frameworks such as ASP.NET and Angular.js. ASP.NET is an open-source framework that offers web developers the tools and resources necessary to create dynamic websites, apps, and services. Even though there are other online application architectures, web developers often choose ASP.NET as the industry standard.

Similar to ASP.NET is the fully accessible, industry-standard application framework Angular.js. Google and its user community manage this program. Due to its JavaScript base, web developers often use Angular.js to modify a sites entire front end.

Programming languages function according to rules and definitions. If you are inherently adept at solving issues rationally, you will learn these languages considerably faster. As you see them in operation, you will acquire an aptitude for deconstructing statements into their fundamental components and anticipating their logical results. Web developers who must keep track of various jobs, initiatives, timelines, costs, and workflow planning will benefit significantly from logically-based organizational techniques.

Developers are accountable for developing the most elegant end-user solution. As you undertake more complicated tasks, youll discover that there is seldom a single solution to the issue: one may have numerous pathways available, and it requires a sense of creativity to envision how each would function. Further, a robust aesthetic sense is helpful when collaborating with design personnel as it helps visualize what the end web product will look like.

As a result, web developers must stay abreast of any significant new programming languages, web development software, and industry trends. Even coding professionals with extensive degrees in computer science will need ongoing skill development to remain competitive. In reality, there is nearly always a link between learning capacities and technical proficiency, which results in higher pay. Success as a developer does necessitate a dedication to lifelong learning, which is advantageous for the vast majority of workers in the area.

A web developer may utilize a version control system to monitor, manage, and modify code shifts/alterations. Git is an instance of a code version control mechanism that enables rapid mistake detection and correction. The application allows you to record the modifications youve performed on the code so you may examine it before making any modifications. This is essential for full-stack web developers who operate under tight deadlines.

Many customers prefer that the independent web developers they employ understand the fundamentals of SEO. This is because a website with efficient SEO scores higher in search engine results, drawing more visitors. SEO is a crucial skill for web developers since customers typically want to enhance their websites traffic.

Even the tiniest misspelling might result in a 404. Programmers are taught to reread their code numerous times to check for flaws and find efficiency. It requires patience, intense concentration, and the ability to see ones work objectively.

Communication is another area of soft skill development for this role. Whether you are a member of a large engineering department or a solo, you will need to interact with various stakeholders during the project. One must remain receptive to suggestions from designers, clients, and other team members and communicate through potential barriers. Promoting open communication channels will produce a superior final product and help you grow as a developer.

See More: DevOps vs. Agile Methodology: Key Differences and Similarities

The average yearly salary for web developers in the United States is $104,080, according to statistics from Glassdoor (as of September 15, 2022). Numerous variables, including experience, region, living costs, and expertise levels, may affect earnings. Typically, novice web developers earn less than seasoned experts, but those with more certificates or training make more.

Professional Certifications and an associates degree allow you to develop your programming skills and demonstrate your experience. A bachelors degree is not required for web developers. However, individuals with a postsecondary degree often make much better earnings. In addition, certain businesses may seek web developers with degrees in disciplines like computer science or engineering.

Web developers with bachelors degrees may potentially work in management positions and earn extra revenue. According to the BLS, computer science and information system administrators earn a median annual income of $159,010 despite commencing their careers as web developers. Apart from educational background, seniority is another crucial factor driving web developer salaries. Glassdoor estimates the following average total compensation for three primary levels of expertise::

As practically every sector requires a digital presence for profitability, web developers may find work in various areas. However, certain businesses tend to employ more web developers than others, and pay rates might vary by industry. Computer systems design, unified communications, publishing, administration, science and technology consulting services, branding, advertising, and public relations are the most common areas for employment.

See More: What is Root-Cause Analysis? Working, Templates, and Examples

Web development is now among the key pillars of doing business. Every company needs a website to establish its online presence, some (like e-commerce) conduct their business on the web, and others provide essential services via web apps, such as Software as a Service (SaaS) companies. Therefore, demand for web developers will continue to be high in the next few years, and the rise of new systems like Web3 will make highly skilled web developers more coveted than ever before.

Did this article give you the information needed to support a career in web development? Tell us on Facebook, Twitter, and LinkedIn. Wed love to hear from you!

Image Source: Shutterstock

Go here to see the original:
Web Developer Responsibilities, Skills, and Salary - Spiceworks News and Insights

Four programming languages rule, but one new alternative is on the rise – ZDNet

Image: Getty Images/Maskot

The Rust programming language is gaining in popularity among developers, according to the most recent update from software quality firm Tiobe's language index.

Rust has risen to 20th position in October, up from 26th this time a year ago. It's the second time it's been in Tiobe's top 20 after peaking at 18th position in September 2020, a few months after it reached version 1.0.

Paul Jansen, CEO of Tiobe Software, sees Rust as a "small threat" for C and C++ the two languages that some developers believe Rust should replace for new projects due to its better management of memory security.

Also: The most popular programming languages and where to learn them

Despite rising in popularity, Rust remains well behind C and C++, which are even more entrenched in the top five most popular languages than they were last year. As Jensen notes, the top four, which include Python, Java, C and C++, now have a share of 55%, up from 40% last year.

"This is an indication that there is not much room for competition at the moment. Java's main competitor C# is losing ground, whereas Python competitors R and Ruby are more or less stabilizing," writes Jensen.

"However, for C and C++ there is one small threat arising on the horizon: the programming language Rust. Rust re-entered the top 20 again with an all-time high market share of 0.70%. Rust focuses on performance and type safety. One of the reasons for Rust's increasing popularity is that Google started programming low-level parts of Android in the Rust language."

The Android Open Source Project began using Rust for new Android code in 2021. Linux kernel developers are also now putting in place the parts for Rust to be a second language to C in the kernel.

While Rust has a small estimated share of developers, Rust has been crowned the "most loved" language in Stack Overflow's past few annual developer surveys. Another language that has seen a rise in popularity, according to Tiobe, is Objective-C.

There are a number of different programming language rankings, each of which measure coding-language popularity slightly differently. Tiobe says its rankings are based on the number of skilled engineers worldwide, courses and third-party vendors. It also uses popular search engines to calculate the ratings. The top 10 languages: Python, C, Java, C++, C#, Visual Basic, Javascript, Assembly Language, PHP, and SQL.

IEEE Spectrum's top programming languages for 2022 are slightly different to Tiobe's, but Python is also the top language. It's followed by C, C++, C#, Java, SQL, JavaScript, R, HTML, TypeScript.

RedMonk's top 10 languagesare JavaScript, Python, Java, PHP, CSS, C#, C++, TypeScript, Ruby, and C. Rust is in 19th position with Dart.

Follow this link:
Four programming languages rule, but one new alternative is on the rise - ZDNet

When Will New Pasco Aquatic Center Open? Find out, Here – newstalk870.am

According to the Tri-Cities Area Journal of Business and the City of Pasco, there's a start 'month' for the voter-approved Pasco Aquatic Center.

The new tax that was approved by voters to pay for the project will begin in January of 2023, a 2/10th of a percent sales tax that will fund the $40 million-dollar facility.

Voters approved it in April, it will be located most likely somewhere between Road 68 and Road 100 in the Broadmoor Area. When it was presented to voters, a specific location was not specified.

The tax goes into place in January, and officials say they have a target of October 2024 for it to be completed. According to the TCAJOB, Pasco has hired former Mayor Matt Watkins to help spearhead and lead the project, based upon his community experience.

Some of the hurdles still facing the project, according to TCAJOB, include its finished design, state approval, and hiring a contractor--just to name a few.

About 9 years earlier a similar larger water park proposal put out that would serve the entire area was rejected due to voters in Kennewick and Richland. Pasco-area voters had approved it.

See original here:
When Will New Pasco Aquatic Center Open? Find out, Here - newstalk870.am

IJJ Corporation Expansion Activities for Board Members as Appointed Officers, The GSA Schedule Status, And eCETP Client Enrollments – GuruFocus.com

SILVER SPRING, MD / ACCESSWIRE / October 14, 2022 / IJJ Corporation (IJJ Corp), (OTC PINK:IJJP) IJJCorp Shareholder update of IJJ Corporation expansion activities for Board members as Officers, the GSA Schedule status, and eCETP client enrollments.

Updates:

1. Onboarding Corporate officers as the board of directors:

I announced expanding the board members as Directors for IJJ Corporation a few months ago. However, onboarding was postponed until the following was accomplished:

Negotiate their consultant agreements, Terms, and Conditions for each position, outline the changes to the Articles of Incorporation, and additional resources before onboarding the new partners. As a result, the Company is prepared to onboard four Corporate Officers on the Board of Directors.

The list of candidates for the following positions:

The selected candidates are individuals which whom I've had working relationships over the past 12 years. Everyone brings Federal government, Department of Defense (DoD), and C-level corporate experience to propel IJJ Corp business model growth and our commitment to supporting IJJP's Shareholders.

Note 1: I will update next week, hopefully announcing their acceptance of the compensation plan, with a summary of their backgrounds.

Note 2: Chief Technical Officer (Crypto industry and multiple programming disciplines. That position is Montech CTO and Founder.

2. GSA Federal Supply Schedule:

The schedule is still a priority for the business model. In addition, IJJ Corp and Montech had to establish operating procedures for the GSA Schedule. Therefore, I elected to delay the submission to shore up their required resources plus allow the new COA and AAO to review and approve the submission. The proposal documents are under development, with the plan submittal date before the end of October 2022.

3. eCETP client enrollment.

Certified eCETP Operators

TOTALS CATEGORY

1 Nonprofit -Perpetual License

1 Nonprofit -eCETP User

1 For-Profit -eCETP Partner

Mandatory Training Program

TOTALS CATEGORY

2 Nonprofit -eCETP Users

1 For-Profit -eCETP Partner

4. New Initiatives scheduled for 2023:

1. The selection of open-source code for credit card processors is under review. It must include formulating a business structure to adhere to state and federal government requirements.

2. The Banking services of Debit processing will be available on the eCETP WebApp. In addition, its debit card processor will increase profitability and place IJJ Corporation in the financial service marketplace. The primary target markets are the USA Federal, Department of Defense, and state government, the second-largest USA debit card processor.

Note 3. The software, products, and services will eventually go on the GSA Schedule.

In closing, the above information is for IJJP Shareholders and Market Makers.

In addition, we will resume posting on Twitter and LinkedIn and submit press releases providing News on material events, task projections, or any discoveries as they occur.

IJJ Corp: IJJ Corp is an ambitious, innovative company offering Business Processing as a Service (BPaaS) and a Blockchain Cryptographic exchanger within a private network designed to give access to investors, budget funding, and networking business services.

The Company intends to continue developing and integrating services and products to bring its clients the most comprehensive, innovative, turnkey solutions and management services.

Follow IJJCorp on Twitter and LinkedIn at the following social media addresses:

https://twitter.com/IJJCorp and https://www.linkedin.com/company/ijj-corporation.

CONTACT: [emailprotected]

Safe Harbor Statement:

The information posted in this release may contain forward-looking statements within the Private Securities Litigation Reform Act of 1995. You can identify these statements by use of the words "may," "will," "should," "plans," "expects," "anticipates," "continue," "estimate," "project," "intend," and similar expressions. Forward-looking statements involve risks and uncertainties that could cause results to differ materially from those projected or anticipated. These risks and uncertainties include, but are not limited to, general economic and business conditions, effects of continued geopolitical unrest and regional conflicts, competition, changes in technology and methods of marketing, delays in completing various engineering and manufacturing programs, changes in customer order patterns, changes in product mix, continued success in technological advances and delivering technological innovations, shortages in components, production delays due to performance quality issues with outsourced details, and various other factors beyond the Company's control.

SOURCE: IJJ Corporation

View source version on accesswire.com: https://www.accesswire.com/720448/IJJ-Corporation-Expansion-Activities-for-Board-Members-as-Appointed-Officers-The-GSA-Schedule-Status-And-eCETP-Client-Enrollments

Read more here:
IJJ Corporation Expansion Activities for Board Members as Appointed Officers, The GSA Schedule Status, And eCETP Client Enrollments - GuruFocus.com

New to The Street Announces its Five Business Guest Interviews on Episode #395, Airing on Bloomberg TV as a Sponsored Program, Tonight, October 13,…

NEW YORK, Oct. 13, 2022 (GLOBE NEWSWIRE) -- FMW Medias New to The Street announces the broadcasting of its business show broadcasting as a sponsored program on Bloomberg TV, October 13, 2022, at 9:30 PM PT.

New to The Streets TV show will air the following five (5) business interviews:

1). PetVivo Holdings, Inc.s (NASDAQ: PETV) (NASDAQ: PETVW) ($PETV) interview with John Lai, CEO & President.

2). Mikra Cellular Sciences (a division of Lifeist Wellness, Inc.) (TSXV: LFST) (FRANKFURT: M5B) (OTCMKTS: NXTTF)interview with Faraaz Jamal, CEO, Mikra Cellular Sciences & COO, Lifeist Wellness, Inc.

3).Sekur Private Data, Ltd.s(OTCQX: SWISF) (CSE: SKUR) (FRA: GDT0) interview with Mr. Alain Ghiai, CEO.

4). The Sustainable Green Teams (OTC: SGTM) ($SGTM) interviews with Tony Raynor, CEO, and Brian Rivera, Administrative Assistant.

5). Tonix Pharmaceuticals, Inc.s(NASDAQ: TNXP) ($TNXP) interview with Dr. Seth Lederman, MD, and CEO.

Episode #395

New to The Street TV is airing the Nasdaq Marketplace studio interview with John Lai, CEO / PresidentPetVivo Holdings, Inc.(NASDAQ: PETV) (NASDAQ: PETVW) ($PETV). The Company is a biomedical device company that manufactures, commercializes, and licenses innovative medical devices and therapeutics for companion animals. Talking with TV Host Jane King, John gives viewers an update on the recent launch of the distribution agreement between PETV and MWI Animal Health (MWI), a leading animal health products and services distributor, and Amerisource Bergen subsidiary. With over $5B in annual revenue, MWI is one of the largest distributors of veterinary drugs and products, with lots of business resources and skilled personnel. Securos is the educational division at MWI, which provides hands-on-training, resources, and continuing education for veterinarians, helping them understand the full benefits of products. The educational and sales/ market teams at MWI now promote and distribute PETVs injectablepatented Spryng with OsteoCushion Technologythat treats osteoarthritis and joint afflictions for dogs, horses, and cats. As a naturally derived product, Spryng mimics collagen tissue that significantly improves animals afflicted joints. The feline osteoarthritis version of Spryng is coming to market soon. John says the Spryng roll-out with MWI is going very well. Recently, PETV hired more seasoned personnel with over two decades of sales/marketing experience in the pet industry. The on-screen QR code is available during the show; download or visit PetVivo Holdings, Inc.- https://petvivo.com/ and Spryng with OsteoCushion Technology - https://www.sprynghealth.com/.

New to The Street airs TV Host Jane Kings Nasdaq Marketplace interview with Faraaz Jamal, CEO of Mikra Cellular Sciences ("Mikra") and COO of Lifeist Wellness, Inc. (TSXV: LFST) (FRANKFURT: M5B) (OTCMKTS: NXTTF). Faraaz provides viewers with an update Mikra's operations and on its CELLF product that enhances humans' microscopic cellular activities. Demand is up as product acceptance continues, gaining more customers, and Mikra continues to increase production output to meet this demand. Faraaz talks about clinical studies on CELLF with data suggesting that the nutraceutical can offset the issues associated with Chronic Fatigue Syndrome (CFS), known as "Brain Fog. Many with long-Covid afflictions complain about "Brain Fog," with many physicians not understanding the best way to treat the problem. CELLF is a product with high concentrations of organic minerals and vitamins that target cellular activities through Mikra's novel cellular delivery system. CELLF is a nutraceutical gel with a buttery-type consistency, produced in small batches to ensure quality control standards that eliminate oxidation issues common with competitor products. Determined to change health care practices, which account for treatments after illness onset, Faraaz believes preventative products like CELLF can produce long-lasting good health. More products are in the Mikra pipeline, one of which is soon to come to market, an athletic product designed to increase workouts and decrease recovery times from solid performances. If you wake up after 8 hours of sleep feeling sluggish and seem to lose energy midday, CELLF could be the answer. Mikra sells its product through its e-commerce outlets. Mikra Cellular Sciences is a Lifeist Wellness, Inc. subsidiary that develops, produces, and sells bioactive consumer products. The on-screen QR code is available during the show; download or visit Mikra Cellular Sciences - https://wearemikra.com/.

On the New to The Street show, Alain Ghiai, CEO,Sekur Private Data, Ltd. (OTCQX: SWISF) (CSE: SKUR) (FRA: GDT0) ($SWISF) (Sekur), gives TV Host Jane King and viewers an overview of Sekur Private Data, Ltd.'s Sekur cybersecurity products and talks about hacking problems coming out of North Korea. The North Koreans are attacking LinkedIn with posts full of malware to steal data. You think you are getting a business referral, so you hit the link, and your device becomes compromised. Years ago, open-source platforms allowed software developers to share code creating usable solutions to grow the reaches of technology. It was an acceptable method at the time, but now, open-source platforms, the majority used by "Big Tech," are where stolen code gets manipulated; favorite ways for hackers to create a nefarious campaign to steal data. Be careful about all those supposed "Free-Apps"; a virus code is waiting to infect your devices. Sekur is a closed-loop platform with an encryption layer of security not available using open-platform products. SekurMail and SekurMessenger, along with its other cybersecurity products, Sekur can offer its end-users a complete privacy solution. Because Sekur operates on a closed-source platform, code is unavailable for hackers to manipulate. Many understand the benefits of subscribing to Sekur's software solutions, which shows in the Company's financial results. Alian expects financial results in Q3 to be higher than Q2 from the increases in subscribers for its email, text, and other encrypted platforms. The Company lowered marketing expenses, and management believes its Q4 results should continue to be strong from subscriber increases. The Fundamental Research Report (FRC Report), dated September 8, 2022, provides a comprehensive report about the Company's current and future operational status. Sekur entered into a number of partnerships and the results from these agreements should show in financial results in Q1 2023. Alain sees more upside growth in 2023 and anticipates net profitability in 2025. Sekur Private Data, Ltd. hosts its services in Switzerland, benefiting from the stringent Swiss Privacy laws. It uses a closed-source proprietary technology on an independent and military-grade encrypted platform. The on-screen QR code is available during the show; download or visit Sekur Private Data, Ltd. https://www.sekurprivatedata.com/ and http://www.Sekur.com. Peer to peer, end to end, secure suite, password manager, mail txt and video conference secure.

New to the Street's TV Host Jane King interviews The Sustainable Green Teams (OTC: SGTM) Tony Raynor, CEO, and Brian Rivera, Administrative Assistant. From the Nasdaq Marketplace studio, Tony explains the Company's business in providing eco-friendly and sustainable solutions for several industries. As a holding Company with many wholly-owned subsidiaries, SGTM can develop and deploy innovative solutions to mitigate waste and other byproducts. For 35 years, one of SGTM's subsidiaries was the first to take naturally occurring iron oxide pigments and formulate colored mulch products. Other sustainable solutions and products continue at SGTM multiple locations because of its management's strong leadership and dedicated team. SGTM successfully works with municipalities in arbor culture and storm recovery, creating comprehensive waste solutions. From the abundance of green waste worldwide, SGTM can handle the waste making it into usable and friendly products. SGTM creates soils, mulches, and lumber products from green reusable waste. Brian talks about all the excitement coming from within the Company, its subsidiaries, and from external sources in creating and utilizing eco-friendly solutions and products. People just want to get involved in restoring and creating a green world. Cutting-edge technologies are from the visionaries who are pioneering new solutions to create cleaner outcomes for the planet. The Company entered into collaboration with an Australian company, VRM BioLogik Group which developed a product that creates water from organics. SGTMs management will continue to aggressively seek partnerships with like-minded individuals and entities to find more environmentally sustainable solutions and products. The on-screen QR code is available during the show; download or visit The Sustainable Green Team - https://www.thesustainablegreenteam.com/.

Dr. Seth Lederman, MD, CEO of Tonix Pharmaceuticals, Inc. (NASDAQ: TNXP) ($TNXP), is at the Nasdaq Marketplace studio, talking with New to The Street's TV Host Jane King. As a clinical-stage biopharmaceutical Company, Seth informs viewers that the FDA approved an IND clearance for TNX-601 for human depression. The Company is developing a time-released pill, a once-a-day dose, as a new first-line potential treatment for those inflicted with depression. The pill's formulation uses the compound tianeptine. Europe, Latin America, and Asia countries for about 30-years used this compound to treat those depressed. TNXP anticipates moving TNX-601's IND stage forward to a Phase 2 trial sometime beginning of next year, 2023. Tonix has many pipeline drugs in development. Its led product TNX-102 SL completed its first part of the Fibromyalgia FDA Phase 3 clinical trial and is moving forward with the all the necessary FDA rules expecting to achieve a new drug approval status. Two-thirds of Long-Covid patients have multi-site pain, similar to those who have Fibromyalgia. Tonix is moving forward with an FDA Phase 2 Long-Covid prevail study for its TNX-102 SL. Also, those with Chronic Fatigue Syndrome (CFS) could use TNX-102SL if approved to treat accordingly. Tonix Pharmaceuticals is developing many drugs to treat central nervous system disorders and diseases. The on-screen QR code is available during the show; download or visit Tonix Pharmaceuticals, Inc. - https://www.tonixpharma.com/.

About PetVivo Holdings, Inc. (NASDAQ: PETV) (NASDAQ: PETVW) ($PETV):

PetVivo Holdings Inc. (NASDAQ: PETV) (NASDAQ: PETVW) ($PETV) is an emerging biomedical device company focused on manufacturing, commercializing, and licensing innovative medical devices and therapeutics for companion animals. The Companys strategy is to leverage human therapies for treating companion animals cost-effectively and time-efficiently. A vital component of this strategy is the accelerated timeline to revenues for veterinary medical devices, which enter the market much earlier than more stringently regulated pharmaceuticals and biologics. PetVivo has a pipeline of seventeen products for the treatment of animals and people. A portfolio of nineteen patents protects the Companys biomaterials, products, production processes, and methods of use. The Companys lead product SPRYNGwith OsteoCushiontechnology, a veterinarian-administered, intraarticular injection for the management of lameness and other joint-related afflictions, including osteoarthritis, in dogs and horses, is currently available for commercial sale - https://petvivo.com/.

About Mikra Cellular Sciences:

Mikra Cellular Sciences ("Mikra"), a division of Lifeist Wellness, Inc. (TSXV: LFST) (FRANKFURT: M5B) (OTCMKTS: NXTTF),is a breakthrough Company seeking to unlock cellular potential and maximize the health of humans.Mikra intends to bridge the scientific gap between cellular health and consumer wellness andfocuses on ones health at the cellular level. Human cells are responsible for the overall functionality of human biology. Mikra continues to develop products that can enhance cellular absorption of key and need minerals and nutrients to improve health and wellness. CELLF product is clinically tested and engineered to bring balance to the body and mind on a cellular level -https://wearemikra.com/. Lifeist Wellness, Inc. (TSXV: LFST) (FRANKFURT: M5B) (OTCMKTS: NXTTF) is sitting at the forefront of a post-pandemic wellness revolution, leveraging the advancements in science and technology to build breakthrough companies that transform human wellness. Its business portfolio includes: CannMart, a B2B wholesale distribution business that facilitates recreational cannabis sales to Canadian provincial government control boards; CannMart Labs, a BHO extraction facility for the production of high-margin cannabis 2.0 products; theCannMart.commarketplace, which provides US customers with access to hemp-derived CBD and smoking accessories; Australian Vapes, the country's largest online retailer of vaporizers and accessories; Findify, a leading AI-powered search-and-discovery platform; and Mikra, a biosciences and consumer wellness company seeking to develop innovative therapies for cellular health. Information on Lifeist and its businesses - http://www.lifeist.com, http://www.cannmart.com, http://www.australianvaporizers.com.au, http://www.wearemikra.com, and email:ir@lifeist.com.

About Sekur Private Data Ltd.(OTCQX: SWISF) (CSE: SKUR) (FRA: GDT0):

Sekur Private Data, Ltd.(OTCQX: SWISF) (CSE: SKUR) (FRA: GDT0) is a cybersecurity and internet privacy provider of Swiss-hosted solutions for secure communications and secure data management. The Company distributes encrypted emails, secure messengers, secure communication tools, secure cloud-based storage, disaster recovery, and document management products. The Company sells and serves consumers, businesses, and governments worldwide through approved wholesalers, distributors, and telecommunications companies. Contact Sekur Private Data, Ltd. at corporate@globexdatagroup.com or visithttps://www.sekurprivatedata.comandhttps://www.sekur.com.

About The Sustainable Green Team, Ltd. (OTC: SGTM) ($SGTM)

The Sustainable Green Team, Ltd. (OTC: SGTM) ($SGTM) is an emerging provider of environmentally beneficial solutions for preserving natural resources and the municipal waste and recycling industries. The Company is a wholesale manufacturer and supplier of wood-based mulch and lumber products, primarily in the Midwest, Southeast, and Ohio Valley regions. The Company also provides arbor care and storm recovery services to municipalities, corporations, and consumers, primarily in the southeastern United States. The Company plans to expand its operations through organic growth and strategic acquisitions that are both accretive to earnings and positioned for rapid growth from the resulting synergistic opportunities identified. The Companys customers include governmental, residential and commercial clients - https://www.thesustainablegreenteam.com/

About Tonix Pharmaceuticals Holding Corp. (NASDAQ: TNXP) ($TNXP):

Tonix Pharmaceuticals Holding Corp. (NASDAQ: TNXP) ($TNXP) is a clinical-stage biopharmaceutical company focused on discovering, licensing, acquiring, and developing small molecules and biologics to treat and prevent human disease and alleviate suffering. Tonixs portfolio comprises immunology, rare disease, infectious disease, and central nervous system (CNS) product candidates. Tonixs immunology portfolio includes biologics to address organ transplant rejection, autoimmunity, and cancer. TNX-15001 is a humanized monoclonal antibody targeting CD40-ligand in development to prevent allograft and xenograft rejection and treat autoimmune diseases. A Phase 1 study of TNX-1500 is expected to be initiated in the second half of 2022. Tonixs rare disease portfolio includes TNX-29002 for the treatment of Prader-Willi syndrome. The FDA has granted TNX-2900 Orphan-Drug Designation. Tonixs infectious disease pipeline consists of a vaccine in development to prevent smallpox and Monkeypox called TNX-8013, next-generation vaccines to prevent COVID-19, and an antiviral to treat COVID-19. Tonixs lead vaccine candidates for COVID-19 are TNX-1840 and TNX-18504, live virus vaccines based on Tonixs recombinant pox vaccine (RPV) platform. TNX-35005 (sangivamycin,i.v.solution) is a small molecule antiviral drug to treat acute COVID-19 and is in the pre-IND stage of development. TNX-102 SL, (cyclobenzaprine HCl sublingual tablets) is a small molecule drug being developed to treat Long COVID, a chronic post-acute COVID-19 condition. Tonix expects to initiate a Phase 2 study in Long COVID in the second quarter of 2022. The Companys CNS portfolio includes small molecules and biologics to treat pain, neurologic, psychiatric and addiction conditions. Tonixs lead CNS candidate, TNX-102 SL, is in mid-Phase 3 development to manage fibromyalgia, with a new Phase 3 study launched in the second quarter of 2022. Finally, TNX-13006 is a biologic designed to treat cocaine intoxication that is expected to start a Phase 2 trial in the second quarter of 2022 -https://www.tonixpharma.com. (1TNX-1500 is an investigational new biologic at the pre-IND stage of development and has not been approved for any indication.2TNX-2900 is an investigational new drug at the pre-IND stage of development and has not been approved for any indication.3TNX-801 is a live horsepox virus vaccine for percutaneous administration in development to protect against smallpox and Monkeypox. TNX-801 is an investigational new biologic and has not been approved for any indication.4TNX-1840 and TNX-1850 are live horsepox virus vaccines for percutaneous administration, in development to protect against COVID-19. TNX-1840 and TNX-1850 are designed to express the SARS-CoV-2 spike protein from the omicron and BA.2 variants, respectively. TNX-1840 and TNX-1850 are investigational new biologics at the pre-IND stage of development and have not been approved for any indication. 5TNX-3500 is an investigational new drug at the pre-IND stage of development and has not been approved for any indication.6TNX-1300 is an investigational new biologic and has not been approved for any indication.)

About FMW Media:

FMW Media operates one of the longest-running US and International sponsored and Syndicated Nielsen Rated programming television brands, "New to The Street," and its blockchain show, "Exploring The Block." Since 2009, these brands have run biographical interview segment shows across major U.S. television networks. The paid-for-television programming platforms can potentially reach over 540 million homes in the US and international markets. FMW's New to The Street / Newsmax televised broadcasting platform airs its syndication on Sundays at 10 -11 AM ET. FMW is also one of the nation's largest buyers of linear television, long and short-form paid programming -https://www.newsmaxtv.com/Shows/New-to-the-Street&https://www.newtothestreet.com/.

Forward-Looking Statements Disclaimer:

This press release contains forward-looking statements within Section 27A of the Securities Act of 1933, as amended, and Section 21E of the Securities Exchange Act of 1934. In some cases, you can identify forward-looking statements by the following words: "anticipate," "believe," "continue," "could," "estimate," "expect," "intend," "may," "ongoing," "plan," "potential," "predict," "project," "should," "will," "would," or the negative of these terms or other comparable terminology. However, not all forward-looking statements contain these words. Forward-looking statements are not a guarantee of future performance or results and will not necessarily be accurate indications of the times at which such performance or results are achieved. This press release should be considered in all filings of the Companies contained in the Edgar Archives of the Securities and Exchange Commission at http://www.sec.gov.

CONTACT:

FMW Media Contacts: Bryan Johnson +1 (631) 766-7462 Bryan@NewToTheStreet.com

"New to The Street" Business Development Office 1-516-696-5900 Support@NewToTheStreet.com

A photo accompanying this announcement is available at https://www.globenewswire.com/NewsRoom/AttachmentNg/506703c3-e6ef-42c4-b1c1-4c683835c938

See the original post:
New to The Street Announces its Five Business Guest Interviews on Episode #395, Airing on Bloomberg TV as a Sponsored Program, Tonight, October 13,...

Finchem wants to ban voting machines and do hand counts, that is ‘unrealistic’ – Arizona Mirror

There were 3,420,565 ballots cast in 2020 in Arizona and if Mark Finchem had his way, every single one of them could be counted by hand.

As secretary of state, he would have unilateral authority to make that happen.

While the secretary of state oversees Arizonas elections, many of the roles duties are ministerial or dependent on other branches of government. The actual elections are conducted and managed by the states 15 counties, and its officials there who are responsible for tallying votes. And election laws are written by the state legislature and must be approved by the governor.

But state law gives sweeping powers to the secretary of state to regulate election equipment. The secretary has the ability to say what standards any equipment must meet, to certify equipment that meets those standards and to decertify any equipment that doesnt.

Finchem, a state legislator from Oro Valley who is the GOP nominee for secretary of state, has long made it clear that he does not support the use of machine tabulation to count votes. Earlier this year, he and Republican gubernatorial nominee Kari Lake even filed a federal lawsuit to try to stop their use in the state.

As secretary of state, he could force counties to count ballots by hand if he decertified the election machines setting up a nightmare scenario for elections officials.

Hand counting all the ballots in Arizona is impossible, said Jennnifer Marson, the executive director of the Arizona Association of Counties. Its impossible, its impossible.

In Maricopa County alone in 2020, there were 74 selections for voters to choose from on the smallest version of the ballot sent out, she said. When multiplied by the number of ballots cast, that equates to over 154 million selections that would need to be counted and tallied by hand. Statewide, the number is estimated to be around 201 million, Marson said.

If youre going to do a hand count, youre probably going to have to hand count twice, Marson said, adding that the logistics of a hand count on such a massive scale are unknown. Literally, how will they do it? Will they tick marks on paper? Will they use Excel? Because that is a machine.

Then there are questions of how much it would cost to hire enough workers to manually tally every vote in every race on millions of ballots.

And aside from being less accurate than electronic tabulation machines, hand-counting is slow and it could jeopardize the ability of counties to canvass their elections in the 20 days that state law allows. State law requires a canvass of legislative and statewide elections within 27 days, a task that could be difficult if not impossible.

The possibility for error is massive. Its massive when you have humans doing it, Marson said. They lose their place, they have to start over.

Finchem has already hinted at his intentions to change the standards for election machines to something that would be impossible to meet.

I do not believe that we should be using equipment that we cannot inspect the software, Finchem said in a recent interview with CBS News. In the lawsuit with Lake, trying to inspect the software on the machines currently used was a key part of their litigation.

Finchem said he would seek to prohibit the use of voting equipment with software that is not open source.

But there is no such election equipment. All election equipment used in Arizona must first be certified by the federal Election Assistance Commission. And because the equipment is considered critical infrastructure, none of it uses open-source software.

The U.S. Election Assistance Commission, which certifies some election equipment in the United States, has not had any open source software submitted for certification through their Testing and Certification program, according to EAC spokesperson Kristen Muthig. If any open source software was submitted, it would be evaluated in the same way any other system is evaluated, Muthig said.

Arizona law establishes a voting equipment certification committee, but it doesnt have any real power. All three of its members are appointed by the secretary of state, and it is tasked with making recommendations about electronic voting and tabulation machines to the secretary of state.

And while the secretary of state is required to consult with this committee for developing standards to decertify machines, determining what those standards will be is solely the secretary of states duty. If he or she wants to ignore the committees recommendations, nothing in law stops that from happening.

Based on those standards, the secretary of state then can revoke the certification of any device already in use that doesnt comply and ban the use of them for up to five years.

Since the 2020 election, Finchem has opposed electronic ballot tabulators and has sought to prohibit their use. In the interview with CBS, Finchem cited long debunked claims that Dominion Voting Systems machines in Colorado had high error rates, among other claims.

He also reiterated that he would follow the law.

Finchem did not respond to a request for comment.

His stance is part of a growing movement, driven by election fraud conspiracy theorists across the country, that aims to push for the total ban of electronic voting equipment and move to hand counts of ballots. Doing so just isnt possible in many cases, experts say.

It is extremely unrealistic in all but the tiniest of jurisdictions, Gowri Ramachandran, senior counsel in the Brennan Centers Democracy program, told the Arizona Mirror. Ramachandran said that hand counts generally are part of the recount process and usually include counting one contest, not every race on every ballot.

Many of the groups pushing for hand counts also have been pushing for a one day, one vote style of voting as well that would do away with early voting. A bill that was killed by Arizona Speaker of the House Rusty Bowers and co-sponsored by Finchem would have done just that. It also would have required all ballots in Arizona to be counted by hand within 24 hours, among many other provisions.

In that scenario, Marson said that the state would likely need 8,000 more poll workers and another 8,000 to be hand counters.

Additionally, hand counting is rife for error and moving to machine tabulation was because of this issue, Marson said.

In most cases, hand counts are performed as a way to double-check the performance of a machine tabulator or when a race is extremely close. But those instances are still generally for one race.

It is a way of making sure there are no programming errors, Ramachandran said. Doing those routine audits to catch any problems is one of the best practices.

In Arizona, state law requires audits of the machines performance be done both before and after an election. And a sample of ballots cast in the election is audited by hand to ensure the electronic count is accurate.

Maricopa County had nine tabulators for the August primary election and will have 16 for next months general election, according to Maricopa County Elections Department spokeswoman Megan Gilbertson.

One county is already considering hand counting all the ballots it will see cast in its election this year, Cochise County. The effort is being pushed in part by county supervisor Peggy Judd who attended the Jan. 6 Capitol riot and posted QAnon conspiracy theories on her now defunct Facebook page.

While the Cochise County Board of Supervisors approved the push in a vote Tuesday, attorneys for the board disapproved and said no to the effort.

But this hasnt stopped conspiracy theorists even those in power from pushing to ban the machines.

On Oct. 1, Arizona Corporation Commissioner Jim OConnor hosted some of the loudest voices in the ban the machines movement at a movie theater in Tempe.

These machines are from the devil, OConnor, whose office has no oversight of elections, said to the small crowd.

Earlier in the week, OConnor had used his position as an Arizona Corporation Commissioner to mail out flyers for the event to county recorders across the state.

The event was a whos who of election deniers who have taken aim at election equipment in Arizona and across the country, spreading falsehoods about their performance to explain how Trump lost in 2020. Chief among them was former Mesa County Clerk Tina Peters, who is currently facing 10 felony charges after she allowed conspiracy theorists to copy and access sensitive voting software.

Peters lamented that the judge in her case was using his political power to keep her from anything dealing with elections.

My only crime is for backing up the election files, Peters claimed, communicating to the crowd via Zoom. Peters also celebrated that, after the breach was discovered, the voting equipment was decertified by the state something she is on the hook to pay for.

I was thinking, great, take them out, we will just hand-count everything, Peters said. There is no reason we cant hand count these ballots.

OConnor, who in September said he wanted to bring in 13 experts to testify to the Corporation Commission about voting machines, blamed the courts for not wanting to take on the political question and compared the situation to Nazi Germany.

It appears that all the courts in our states at the federal and state level dont want to handle the political question, OConnor said after a speaker said their case regarding election fraud was dismissed by the courts. Theyre all sitting scared, thinking, What are the people gonna do? So, theyre creating an Adolf Hitler-like (atmosphere), controlling speech

The event also included a litany of other speakers, such as election fraud fabulist Jovan Hutton Pulitzer.

And State Sen. Sonny Borelli, R-Lake Havasu, told the crowd that the movement he, Finchem and state Rep. Leo Biasucci led began when Democrat Adrian Fontes was elected Maricopa County Recorder in 2016. Fontes is Finchems opponent for secretary of state.

Borrelli effusively praised the idea of requiring Arizona ballots to be counted by hand, adding that he was not fond of mail-in voting either.

The event ended in a prayer, during which OConnor asked for courage for the supervisors and county elected officials.

These people are frightened for their lives and for their families, because you know who is running their show the devil, OConnor said.

***CORRECTION: This story has been corrected to reflect that theU.S. Election Assistance Commission certifies some, not all, of the election equipment in the country.

Read more:
Finchem wants to ban voting machines and do hand counts, that is 'unrealistic' - Arizona Mirror

Asperitas and Cast Software partner to accelerate cloud migrations – VentureBeat

Did you miss a session from MetaBeat 2022? Head over to the on-demand library for all of our featured sessions here.

In theory, migrating apps to the cloud should be as simple as installing existing apps on virtual machines (VMs) running in an Amazon data center. It is a bit more challenging in practice, owing to the configuration settings used to set up these applications. There can be significant differences in how apps are configured on private enterprise servers compared with VMs in the cloud.

More importantly, enterprises can get the most mileage from a simple migration by tuning configuration settings for the cloud. This helps cloud apps, even those just running on cloud hardware, take advantage of features like scalability and dynamic provisioning. But it is often a complicated and manual process.

Asperitas, a cloud services company, and Cast Software, which makes software intelligence tools, have partnered to automate this process. Asperitas has an established Application Modernization Framework to help enterprises inventory existing apps and migrate them to the cloud. Meanwhile, Cast has been developing tools like Cast Highlight and Cast Imaging for analyzing software infrastructure at scale.

Asperitas specialists will use Cast Highlight to determine an apps cloud-readiness, open-source risk and agility. This will allow enterprises to prioritize the order in which they move apps to the cloud based on readiness and value to the company.

Low-Code/No-Code Summit

Join todays leading executives at the Low-Code/No-Code Summit virtually on November 9. Register for your free pass today.

Legacy applications were written to run on physical enterprise servers. As a result, they miss out on dynamic scaling features built into the cloud. Failing to take advantage of these features also eliminates many cost benefits and the ability to handle spikes in demand.

In addition, legacy apps are often configured with relatively static configuration settings. They are written with specific on-premises environments in mind that rarely change. This impedes modern cloud development practices, which include creating new test environments for functional, performance and security testing, and then destroying them when no longer needed.

Derek Ashmore, application transformation principal at Asperitas, told VentureBeat, Both of these problems, and there are many more, can be traced back to how the application is written.

Source-code analysis tools like Cast Highlight can automatically identify these kinds of issues at scale. Without tooling, this type of code analysis is done by hand, which takes time and labor.

Additionally, its not as accurate and is subject to human error, Ashmore said.

The tool can also guide customers from an application portfolio perspective. Asperitas uses Cast Highlight to help customers determine which applications to move to the cloud first. It can also identify applications that are likely to require more refactoring and will take more time. And sometimes, it finds applications that are so anti-cloud-native, they need to be rewritten.

Were now better able to guide customers holistically at an application portfolio level as a result of the Cast partnership, Ashmore explained. While we could provide some guidance before the partnership, the breadth and depth of that guidance has greatly improved.

Asperitas has already worked with Cast to help a large financial institution formulate its application modernization efforts. It also uses Cast to help application developers identify specific code changes to make apps cloud-native.

Cast has several competitors doing static code analysis, such as Veracode, Checkmarx and Fortinet. Many tend to focus on general code quality and complexity. Ashmore does not feel they are as focused on preparing applications for the cloud.

Companies have been analyzing software codebases to calculate complexity and plan software engineering projects for decades. But now software intelligence is starting to support new capabilities thanks to artificial intelligence (AI), machine learning and big data innovations.

Software analytics will exponentially improve from where it is today as artificial intelligence is increasingly used, Ashmore said. With that improvement will come higher quality information about applications and their limitations and vulnerabilities. I also believe that analytics will improve from a security perspective and make it easier to catch vulnerabilities earlier in the development process.

VentureBeat's mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact. Discover our Briefings.

See the original post here:
Asperitas and Cast Software partner to accelerate cloud migrations - VentureBeat