China Delaying Release of Critical Vulnerability Reports, Analysis Finds

Today’s topics include China delaying the release of high-severity vulnerability reports; Workday improving user experience with its HCM homepage; Google releasing an enterprise version of its Dialogflow chatbot API; and Microsoft announcing more open-source ventures.

According to a Nov. 16 report by threat analysis firm Recorded Future, the Chinese National Vulnerability Database is noticeably slower than the U.S. National Vulnerability Database to report high-severity vulnerabilities used in popular exploit kits that could be used in attacks. However, the Chinese database does publish low-severity vulnerabilities faster than the U.S. NVD.

This suggests that China purposefully slows the release of information for possibly exploitable vulnerabilities, Priscilla Moriuchi, director of strategic threat development for Recorded Future, told eWEEK.

Meanwhile, the Trump administration has actually vowed to be more transparent as it evaluates its own process of striking a balance between disclosing vulnerabilities to harden information systems against attack and withholding information on vulnerabilities to be used to investigate criminals’ systems and attack rogue online actors. White House Cybersecurity Coordinator Rob Joyce said, “The challenge is to find and sustain the capability to hold rogue cyber actors at risk without increasing the likelihood that known vulnerabilities will be exploited.”

Workday is adding new intelligent capabilities into its Human Capital Management application's homepage for employees. This "new people experience" draws insights from the employee information within Workday HCM to deliver personalized HR content and contextual suggestions on a homepage that resembles a social media feed.

In terms of collaboration, it will feature a built-in search function that burrows into the full text of posted policies and shared documents. Organizations will also be able to use APIs for integration with their productivity and collaboration apps or to enable employee interaction with third-party financial services companies or benefits programs.

Finally, employers can use Workday Designer to add their logos and customize the homepage to fit their corporate brand.

Google has rolled out an enterprise edition of Dialogflow, an application programming interface that developers can use to build support for voice recognition and conversational capabilities in their applications. The API, currently available in beta, can be used in areas such as customer service and support, e-commerce, enterprise productivity and the internet of things.

Dialogflow's conversational interaction capability is powered by machine learning and offers 30 prebuilt agents that developers can use to quickly enable responses to certain types of popular voice interactions. Dialogflow also supports advanced fulfillment capabilities, so developers can use the API to build apps that respond to a wide range of voice commands.

Unlike the standard version, the enterprise version comes with full Google Cloud support and is targeted at larger organizations that need enterprise-grade service.

At its Connect 2017 conference in New York last week, Microsoft stepped up its open-source game by embracing Databricks, Cassandra and other open-source projects, hoping to become the go-to cloud provider for enterprise developers.

Its new Azure Databricks service—a big data analytics platform based on Apache Spark—"combines the best of Databricks and Azure to help customers accelerate innovation with one-click setup, streamlined workflows, and an interactive workspace," said Scott Guthrie, executive vice president of Microsoft’s Cloud and Enterprise group.

Microsoft also released a preview API allowing developers to seamlessly target Cosmos DB on the Apache Cassandra open-source database management system. The new API will allow developers to reuse their existing code and use the globally distributed Cosmos DB NoSQL service as the basis for "Cassandra-as-a-service" implementations. Additionally, Microsoft has become a platinum member of the MariaDB Foundation and is working on a cloud service built on the popular open-source MariaDB relational database.