#software-security

#cybersecurity
from DevOps.com
1 month ago
Software development

JFrog Survey Surfaces Limited DevSecOps Gains - DevOps.com

71% of developers download packages directly from the internet, revealing significant security vulnerabilities.
Less than half of organizations adequately scan source code and binaries for vulnerabilities.
There is an ongoing challenge in integrating security practices into development workflows.
Over 33,000 critical vulnerabilities were disclosed in 2024, but many are not as exploitable as rated.
from ITPro
6 months ago
Information security

Inside Google's "promising and pragmatic" approach to fixing software development's memory safety problem

Google aims to enhance memory safety in codebases by promoting memory-safe languages while continuing to support existing memory-unsafe languages like C and C++.
The transition towards memory safety will be gradual due to the ongoing use of legacy code.
from DevOps.com
3 months ago
Information security

How to Prove That Your Security-Aware Developers are a Cut Above the Rest - DevOps.com

Security-aware developers are vital for mitigating software security risks and reducing overall costs for organizations.
from Securitymagazine
3 months ago
Information security

CISA report calls on US government to close the software knowledge gap

The CISA report emphasizes the urgent need for the government to understand and secure software-controlled systems to mitigate vulnerabilities.
#ai
from DevOps.com
1 week ago
DevOps

Lineaje Leverages AI Agents to Secure Open Source Packages and Images - DevOps.com

Lineaje enhances open-source software security using AI-driven scanning and monitoring.
from DevOps.com
1 week ago
Artificial intelligence

Legit Security Extends AI Reach of ASPM Platform - DevOps.com

Legit Security's platform enhances DevSecOps by using AI to identify vulnerabilities and suggest code remediations, streamlining security processes.
Artificial intelligence
from IT Pro
1 week ago

Want to supercharge your vibe coding skills? Here are the best AI models developers can use to generate secure code

Vibe coding poses risks as AI-generated code often lacks adequate security measures, leading to vulnerabilities.
Artificial intelligence
from DevOps.com
2 weeks ago

AI-Generated Code Packages Can Lead to 'Slopsquatting' Threat - DevOps.com

AI hallucinations can lead to incorrect or made-up package recommendations, posing security risks for software developers.
#open-source
from DevOps.com
3 weeks ago
Software development

Report: Commercial Software Just as Vulnerable as Open Source - DevOps.com

Commercial software is as vulnerable as open-source code, highlighting the need for improved security measures.
Numerous risks exist in widely used applications, raising concerns for developers and security teams.
from Securitymagazine
5 months ago
Information security

U.S. is the top generator of anonymous open source contributions

The U.S. and Russia are the biggest contributors to open source projects, which carry significant vulnerabilities.
from Theregister
6 months ago
JavaScript

Socket slurps $40M to strengthen software supply chain

Socket has secured $40 million in funding to enhance software supply chain security, totaling $65 million raised since its launch in 2021.
from The Hacker News
4 months ago
Information security

Not Your Old ActiveState: Introducing our End-to-End OS Platform

ActiveState remains dedicated to assisting enterprises with open source management, emphasizing the need for secure and compliant practices in software development.
#github
from DevOps.com
2 months ago
DevOps

Endor Labs Extends Microsoft SCA Alliance to GitHub - DevOps.com

Endor Labs and GitHub's partnership enhances software vulnerability management directly within DevOps workflows.
The integration streamlines the discovery and remediation of vulnerabilities in the development process.
from DevOps.com
6 months ago
Information security

Riveting Repositories: JFrog GitHub Unification Leaps Onward - DevOps.com

The partnership between JFrog and GitHub improves software supply chain security through integrated vulnerability findings and automatic remediation solutions.
from InfoWorld
3 months ago
JavaScript

Malicious package found in the Go ecosystem

A backdoored typosquat package was found in the Go ecosystem, highlighting dangers in package integrity.
The vulnerability lasted over three years with extensive dependencies affected.
#cisa
Artificial intelligence
from FedScoop
6 months ago

CISA official: AI tools 'need to have a human in the loop'

CISA is developing AI security initiatives, emphasizing the importance of human oversight in cybersecurity processes despite the hype around AI technology.
from ComputerWeekly.com
3 months ago
Software development

"Unsafe At Any Speed". Comparing automobiles to code risk | Computer Weekly

Software security needs a shift in incentives, similar to automotive safety reforms of the 1960s.
from DevOps.com
3 months ago
Artificial intelligence

Report Surfaces DevSecOps Progress Despite Decline in Developer Training - DevOps.com

Increased SCA adoption contrasts a decline in security training for development teams, representing a concerning trend in software security practices.
AI reliance calls for evolving security practices to accommodate growing amounts of code needing scrutiny.
#memory-safety
Software development
from InfoWorld
3 months ago

Researchers build a bridge from C to Rust and memory safety

A method to automatically translate C code to memory-safe Rust addresses long-standing memory safety vulnerabilities and software security issues.
from TechRepublic
6 months ago
Information security

Software Makers Encouraged to Stop Using C/C++ by 2026

Software manufacturers are urged to transition away from memory-unsafe languages like C/C++ to mitigate risks associated with national security. Deadline for compliance is Jan. 1, 2026.
from Theregister
9 months ago
Software development

DARPA suggests turning legacy C code automatically into Rust

The US Defense Advanced Research Projects Agency (DARPA) is developing TRACTOR to convert legacy C code into Rust using AI to enhance memory safety in programming languages.
from Theregister
7 months ago
Privacy professionals

The empire of C++ strikes back with Safe C++ proposal

The C++ community proposes Safe C++ Extensions to enhance memory safety and reduce vulnerabilities in code.
from TechCrunch
5 months ago
Miscellaneous

Workbrew makes open-source package manager Homebrew enterprise-friendly | TechCrunch

Workbrew aims to enhance security in companies using Homebrew by centralizing control and visibility over software installations.
from CodeProject
7 months ago
JavaScript

(Non-)Nullable Reference Types

Nullable reference types in C# mislead by focusing on non-nullable variables rather than explicitly clarifying type distinctions.
The implementation of nullable reference types creates confusion and potential security vulnerabilities in C# applications.
Information security
from The Hacker News
8 months ago

Hackers Hijack 22,000 Removed PyPI Packages, Spreading Malicious Code to Developers

A new supply chain attack technique called Revival Hijack targets the PyPI registry, allowing attackers to exploit existing packages for malicious intent.