#software-security


Workbrew makes open-source package manager Homebrew enterprise-friendly | TechCrunch

Workbrew aims to enhance security in companies using Homebrew by centralizing control and visibility over software installations.
#memory-safety

White House Recommends Memory-Safe Programming Languages and Security-by-Design

Implement memory-safe programming languages like Python, Java, C#.
Develop and support new metrics for measuring hardware security.

Inside Google's "promising and pragmatic" approach to fixing software development's memory safety problem

Google aims to enhance memory safety in codebases by promoting memory-safe languages while continuing to support existing memory-unsafe languages like C and C++.
The transition towards memory safety will be gradual due to the ongoing use of legacy code.

Software Makers Encouraged to Stop Using C/C++ by 2026

Software manufacturers are urged to transition away from memory-unsafe languages like C/C++ to mitigate risks associated with national security. Deadline for compliance is Jan. 1, 2026.

DARPA suggests turning legacy C code automatically into Rust

The US Defense Advanced Research Projects Agency (DARPA) is developing TRACTOR to convert legacy C code into Rust using AI to enhance memory safety in programming languages.

The empire of C++ strikes back with Safe C++ proposal

The C++ community proposes Safe C++ Extensions to enhance memory safety and reduce vulnerabilities in code.

#cybersecurity

White House to study open source software in critical infrastructure

The White House is establishing a new office under the National Cyber Director to focus on securing open source software in critical infrastructure.

Entry points threaten multiple open-source ecosystems

Entry points in programming packages are a security vulnerability that attackers can exploit to execute malicious code without immediate detection.

How to make open source software more secure | TechCrunch

A backdoor was found in XZ Utils, highlighting significant security vulnerabilities in open source software that can lead to severe cybersecurity risks.

Extracting vendor promises won't fix cybersecurity

Cybersecurity is currently inadequate, and real change relies on accountability from software vendors and customers.
The glamorization of cybercriminals hinders proper understanding of the risks involved.

Copilot, Studio bots are woefully insecure, says Zenity CTO

Common enterprise software like Microsoft Copilot may have security flaws due to insecure defaults.

Google takes shots at Microsoft for shoddy security record w

Google recommends moving from Microsoft software to Google's for enhanced security.

#jfrog

Riveting Repositories: JFrog GitHub Unification Leaps Onward - DevOps.com

The partnership between JFrog and GitHub improves software supply chain security through integrated vulnerability findings and automatic remediation solutions.

JFrog and GitHub unveil open source security integrations | Computer Weekly

JFrog and GitHub's integration aims to improve software security throughout the development cycle, enhancing efficiency and lowering vulnerabilities.

#open-source

Socket slurps $40M to strengthen software supply chain

Socket has secured $40 million in funding to enhance software supply chain security, totaling $65 million raised since its launch in 2021.

Why You Can't Afford to Miss All Day DevOps on October 10th - DevOps.com

All Day DevOps is a leading, accessible virtual conference shaping the future of DevOps and addressing current challenges in software development.

#cisa

CISA official: AI tools 'need to have a human in the loop'

CISA is developing AI security initiatives, emphasizing the importance of human oversight in cybersecurity processes despite the hype around AI technology.

Software vendors are flocking to CISA's Secure by Design Pledge

More than 180 software companies have committed to CISA's Secure by Design Pledge to enhance product security by integrating security principles into the design and manufacturing process.


Validate Your APIs With Ease Using WuppieFuzz: Open Source Fuzzing for REST APIs | HackerNoon

Automated testing is essential for effective software quality assurance in today's complex landscape.

(Non-)Nullable Reference Types

Nullable reference types in C# mislead by focusing on non-nullable variables rather than explicitly clarifying type distinctions.
The implementation of nullable reference types creates confusion and potential security vulnerabilities in C# applications.

Hackers Hijack 22,000 Removed PyPI Packages, Spreading Malicious Code to Developers

A new supply chain attack technique called Revival Hijack targets the PyPI registry, allowing attackers to exploit existing packages for malicious intent.
#devops

DevOps Must Learn From CrowdStrike's Outage - DevOps.com

Robust deployment strategies are essential for maintaining security and reliability in complex software ecosystems.

Navigating the Maze of SSDLC Models: A DevOps-Centric Analysis - DevOps.com

Secure SDLC is crucial for software development.
Microsoft's SDL and OWASP SAMM are prominent SSDLC models.


First European InfoQ Dev Summit to Take Place Next Month in Munich

The European InfoQ Dev Summit emphasizes software security and resilience for developers amid evolving cyber threats and industry challenges.
#generative-ai

AI bots hallucinate software packages and devs download them

Big businesses incorporated a fake package from AI hallucinations, risking widespread installation.
AI-generated package names can potentially be exploited to distribute malicious code by mimicking invented dependencies.

InfoQ Dev Summit Munich 2024 Summer Sale: Learn About GenAI, Secure Supply Chains, and Scalable Arch

The InfoQ Dev Summit Munich is an event focused on actionable insights for software developers, emphasizing peer networking and expert-led sessions.


GitHub Steers Copilot Autofix Into Eye of AI Security Storm - DevOps.com

GitHub's Copilot Autofix tool automates vulnerability remediation, reducing time and expertise needed from developers.
The tool integrates advanced AI technologies to suggest code fixes in real-time, enhancing development efficiency.
#vulnerabilities

Zero Day Initiative - The May 2024 Security Update Review

Keeping software updated with the latest security patches is crucial to prevent known vulnerabilities from being exploited by attackers.

CISA Report Finds Most Open-Source Projects Contain Memory-Unsafe Code

More than half of critical open-source projects contain memory-unsafe code, leading to vulnerabilities like buffer overflows and memory leaks.


How to fix the military's software SNAFU

Software industry must address security vulnerabilities for military use.
Embracing secure software solutions can mitigate risks in military operations.

Designing for Security - DZone

Security is often overlooked in software application design.
Implementing security changes after the system is in production is costly.

Why Bloat Is Still Software's Biggest Vulnerability

The way we build and ship software today is leading to bloated code and poor software security.
The current state of software is untenable and many programmers and their managers haven't experienced anything different.

Software Bill-of-Materials documents are now available for CPython

The Python Software Foundation has released Software Bill-of-Materials (SBOM) documents for CPython source releases to improve vulnerability management.
SBOMs provide a comprehensive scan for software vulnerabilities and reduce the chances of vulnerabilities being missed by scanners.
from Iapp
9 months ago

EU, US to collaborate on cybersecurity measures

The European Commissioner for Internal Market and the U.S. Secretary of Homeland Security discussed collaboration on cybersecurity measures.
They aim to advance cooperation in critical infrastructure protection, crisis management, software security, post-quantum cryptography, and cybersecurity of artificial intelligence.

From Concept to Reality: How ASPM Brings DevSecOps to Life - DevOps.com

ASPM strengthens security in CI/CD, bridging the gap between DevSecOps theory and practice.

Microsoft's Recall puts the Biden administration's cyber credibility on the line

The Biden administration's cybersecurity initiatives face challenges in actual implementation and security concerns in tech products.