Open source projects drown in bad bug reports penned by AI
AI-generated vulnerability reports often lack quality, burdening open-source developers with misleading and time-consuming submissions.
Linux Foundation report highlights the true state of open-source libraries in production apps | TechCrunch
The Census III report offers a detailed overview of open-source component usage, emphasizing security and programming language trends.
U.S. is the top generator of anonymous open source contributions
The U.S. and Russia are the biggest contributors to open source projects, which carry significant vulnerabilities.
Socket slurps $40M to strengthen software supply chain
Socket has secured $40 million in funding to enhance software supply chain security, totaling $65 million raised since its launch in 2021.
Not Your Old ActiveState: Introducing our End-to-End OS Platform
ActiveState remains dedicated to assisting enterprises with open source management, emphasizing the need for secure and compliant practices in software development.
Why You Can't Afford to Miss All Day DevOps on October 10th - DevOps.com
All Day DevOps is a leading, accessible virtual conference shaping the future of DevOps and addressing current challenges in software development.
Entry points in programming packages are a security vulnerability that attackers can exploit to execute malicious code without immediate detection.
Inside Google's "promising and pragmatic" approach to fixing software development's memory safety problem
Google aims to enhance memory safety in codebases by promoting memory-safe languages while continuing to support existing memory-unsafe languages like C and C++.
The transition towards memory safety will be gradual due to the ongoing use of legacy code.
How to make open source software more secure | TechCrunch
A backdoor was found in XZ Utils, highlighting significant security vulnerabilities in open source software that can lead to severe cybersecurity risks.
Software Makers Encouraged to Stop Using C/C++ by 2026
Software manufacturers are urged to transition away from memory-unsafe languages like C/C++ to mitigate risks associated with national security. Deadline for compliance is Jan. 1, 2026.
DARPA suggests turning legacy C code automatically into Rust
The US Defense Advanced Research Projects Agency (DARPA) is developing TRACTOR to convert legacy C code into Rust using AI to enhance memory safety in programming languages.
The empire of C++ strikes back with Safe C++ proposal
The C++ community proposes Safe C++ Extensions to enhance memory safety and reduce vulnerabilities in code.
The partnership between JFrog and GitHub improves software supply chain security through integrated vulnerability findings and automatic remediation solutions.
JFrog and GitHub unveil open source security integrations | Computer Weekly
JFrog and GitHub's integration aims to improve software security throughout the development cycle, enhancing efficiency and lowering vulnerabilities.
CISA official: AI tools 'need to have a human in the loop'
CISA is developing AI security initiatives, emphasizing the importance of human oversight in cybersecurity processes despite the hype around AI technology.
Software vendors are flocking to CISA's Secure by Design Pledge
More than 180 software companies have committed to CISA's Secure by Design Pledge to enhance product security by integrating security principles into the design and manufacturing process.
A new supply chain attack technique called Revival Hijack targets the PyPI registry, allowing attackers to exploit existing packages for malicious intent.
Software industry must address security vulnerabilities for military use.
Embracing secure software solutions can mitigate risks in military operations.
Designing for Security - DZone
Security is often overlooked in software application design.
Implementing security changes after the system is in production is costly.
Why Bloat Is Still Software's Biggest Vulnerability
The way we build and ship software today is leading to bloated code and poor software security.
The current state of software is untenable and many programmers and their managers haven't experienced anything different.
Software Bill-of-Materials documents are now available for CPython
The Python Software Foundation has released Software Bill-of-Materials (SBOM) documents for CPython source releases to improve vulnerability management.
SBOMs provide a comprehensive scan for software vulnerabilities and reduce the chances of vulnerabilities being missed by scanners.
European Commissioner for Internal Market and U.S. Secretary of Homeland Security discussed collaboration on cybersecurity measures.
They aim to advance cooperation in critical infrastructure protection, crisis management, software security, post-quantum cryptography, and the cybersecurity of artificial intelligence.
From Concept to Reality: How ASPM Brings DevSecOps to Life - DevOps.com
ASPM strengthens security in CI/CD, bridging the gap between DevSecOps theory and practice.
Microsoft's Recall puts the Biden administration's cyber credibility on the line
The Biden administration's cybersecurity initiatives face challenges in actual implementation and security concerns in tech products.