Abstract: To write forgettable data to a blockchain, the forgettable data is transmitted to a server, from which encrypted data corresponding to the forgettable data are received. A hash of the forgettable data is generated. A data block including the encrypted data and control data including the hash is added to the blockchain.

Abstract: A current a version of an external component (e.g., an open-source component or a third-party component) that is used in a software application is identified. A new version of the current version of the external component is identified (supply chain components). For example, the new version may have been just released by an open-source community. In response to identifying the new version of the current version of the of the external component, a series of actions are implemented that include: identifying changes to Application Programming Interfaces (APIs) in the new version of the current version of the external component; identifying new vulnerabilities in the new version of the current version of the external component; and determining a quality history associated with the new version of the current version of the external component. Based on the actions, a composite score is generated and displayed to a developer.

Abstract: To write forgettable data to a blockchain, the forgettable data is transmitted to a server, from which encrypted data corresponding to the forgettable data are received. A hash of the forgettable data is generated. A data block including the encrypted data and control data including the hash is added to the blockchain.

Abstract: A method includes, by a computer associated with a security reporter, updating a component vulnerability entry blockchain to represent a state of a component vulnerability entry of a software component vulnerability database. The method includes, by the computer, providing the updated component vulnerability entry blockchain to a management authority so that the management authority updates a master blockchain for the software component vulnerability database. The updated master blockchain includes a plurality of component vulnerability entry blockchains, which represent corresponding states of component vulnerability entries of the software component vulnerability database, including the updated component vulnerability entry.

Abstract: In some examples, in response to detecting addition or update of a program component of a program, a system creates a blockchain entry for addition to a blockchain register, generates a hash based on the program component, and adds in the blockchain entry a signed hash produced by encrypting the generated hash. The system publishes the blockchain entry for the blockchain, the signed hash in a blockchain entry useable to detect tampering with the program component.

Abstract: A technique includes determining, by a computer, entries of a software vulnerability database that is associated with a plurality of components associated with a release of a software product. The technique includes determining, by the computer, a block of a blockchain representing a vulnerability state of the plurality of components; and associating, by the computer, the block of the blockchain with the product release.

Abstract: Response to incorrect passwords being entered for usernames in attempts to access a computing system, each incorrect password is one-way hashed. The hashed incorrect passwords are stored within a database. High-frequency hashed incorrect passwords are determined from the stored hashed incorrect passwords. Each high-frequency hashed incorrect password corresponds to an incorrect password that was entered more than a threshold number of the attempts, regardless of the username for which the incorrect password was entered in any attempt. That the computing system is being subjected to a cyber attack is detected based on the determined high-frequency hashed incorrect passwords.

Abstract: A technique includes determining, by a computer, entries of a software vulnerability database that is associated with a plurality of components associated with a release of a software product. The technique includes determining, by the computer, a block of a blockchain representing a vulnerability state of the plurality of components; and associating, by the computer, the block of the blockchain with the product release.

Abstract: A method includes, by a computer associated with a security reporter, updating a component vulnerability entry blockchain to represent a state of a component vulnerability entry of a software component vulnerability database. The method includes, by the computer, providing the updated component vulnerability entry blockchain to a management authority so that the management authority updates a master blockchain for the software component vulnerability database. The updated master blockchain includes a plurality of component vulnerability entry blockchains, which represent corresponding states of component vulnerability entries of the software component vulnerability database, including the updated component vulnerability entry.

Abstract: Response to incorrect passwords being entered for usernames in attempts to access a computing system, each incorrect password is one-way hashed. The hashed incorrect passwords are stored within a database. High-frequency hashed incorrect passwords are determined from the stored hashed incorrect passwords. Each high-frequency hashed incorrect password corresponds to an incorrect password that was entered more than a threshold number of the attempts, regardless of the username for which the incorrect password was entered in any attempt. That the computing system is being subjected to a cyber attack is detected based on the determined high-frequency hashed incorrect passwords.

Abstract: A pool of files are analyzed for relationships between the files. At least some of the files in the pool are encrypted files. The relationships are represented by distances between the files plotted on a graph in two or more dimensions. A point on the graph representing a particular file. The graph includes an interactive interface, such that points or clusters of points can be selected for re-analyzing and re-plotting on a refreshed graph for just those selected points or clusters.

Abstract: A secure server detects a login from a user originating from a first device. A second user-registered device is sent a message. The second device: translates the message into light-based communication that is captured by a camera of the first device, translates the message back into the original message, and sends the translated message to the secure server. The secure server authenticates the message and sends an indication to the first device that the second device is permitted to access the first device. In an embodiment, information passed between the first and second devices continue using light-based communications.

Abstract: In some examples, in response to detecting addition or update of a program component of a program, a system creates a blockchain entry for addition to a blockchain register, generates a hash based on the program component, and adds in the blockchain entry a signed hash produced by encrypting the generated hash. The system publishes the blockchain entry for the blockchain, the signed hash in a blockchain entry useable to detect tampering with the program component.

Abstract: A late-binding token (LBT) is securely generated and provided to a device application. When the LBT is presented and validated, a resource associated with the presentation is bound to the LBT and authenticated for access to a service and provided valid credentials for accessing that service.

Abstract: An app of a mobile device registers the mobile device for a remote credential server (RCS) and receives a device token. When a credential for a remote asset is supplied on the mobile device it is routed to the RCS and stored external to the mobile device but referenced on the mobile device via an asset token. When the credential is needed, the device token and the asset token permit the RCS to authenticate and return the credential to or on behalf of the mobile device so that the mobile device can authenticate to and access the remote asset.

Abstract: Multi-touch groupings of characters are detected for device authentication and access. In an embodiment, one or more non-character based factors are used in combination with an inputted authentication code (character based) for device authentication and access.

Abstract: Techniques for device independent session migration are presented. A secure mechanism is presented for a target device to receive a current authenticated communication session from an original device with minimal user interaction while automated security is enforced during session migration. In an embodiment, the target device is a mobile device and the original device is a desktop; the target device captures a data glyph that is visually presented on a display of the original device and the data glyph is then seamlessly communicated to a server manager for authentication and session migration.

Abstract: A user of a system defines a limited use access token for an external user for that external user to access defined resources of the system based on the user's account with the system. An access control system validates the access token when the external user attempts to access the defined resources and grants the external principal access to the defined resources.

Abstract: Techniques for secure debugging and monitoring are presented. An end user requests a secure token for logging information with a remote service. A secure monitoring and debugging token service provides the secure token. The remote service validates the secure token and configures itself for capturing information and reporting the captured information based on the secure token.

Abstract: Techniques for resetting authentication for touch-enabled devices are presented. When a user authenticates to a mobile device a touch profile (TP) is recorded. Each subsequent time the user unlocks a locked mobile device via touch, a new TP is noted. The new TP is compared to the recorded TP and if the deviation is within an acceptable tolerance, the user is permitted access to the mobile device without re-authentication. When the new TP is not within the acceptable tolerance of the recorded TP, the user is forced to re-authenticate before access is granted to the mobile device.