Not Your Old ActiveState: Introducing our End-to-End OS Platform
ActiveState remains dedicated to assisting enterprises with open source management, emphasizing the need for secure and compliant practices in software development.
Report Surfaces DevSecOps Progress Despite Decline in Developer Training - DevOps.com
Increased SCA adoption contrasts with a decline in security training for development teams, a concerning trend in software security practices.
AI reliance calls for evolving security practices to accommodate growing amounts of code needing scrutiny.
From Concept to Reality: How ASPM Brings DevSecOps to Life - DevOps.com
ASPM strengthens security in CI/CD, bridging the gap between DevSecOps theory and practice.
Entry points in programming packages are a security vulnerability that attackers can exploit to execute malicious code without immediate detection.
Report: Software security awareness training is at an all-time low
The 2023 BSIMM report shows a decline in offering basic security training, highlighting the need for ongoing education in cybersecurity.
New malware justifies Apple's locked-down security strategy
Trusting legitimate sources is crucial to avoid malware attacks on Macs.
Inside Google's "promising and pragmatic" approach to fixing software development's memory safety problem
Google aims to enhance memory safety in codebases by promoting memory-safe languages while continuing to support existing memory-unsafe languages like C and C++.
The transition towards memory safety will be gradual due to the ongoing use of legacy code.
White House Recommends Memory-Safe Programming Languages and Security-by-Design
Implement memory-safe programming languages like Python, Java, C#.
Develop and support new metrics for measuring hardware security.
White House to study open source software in critical infrastructure
The White House is establishing a new office under the National Cyber Director to focus on securing open source software in critical infrastructure.
Researchers build a bridge from C to Rust and memory safety
A method to automatically translate C code to memory-safe Rust addresses long-standing memory safety vulnerabilities and software security issues.
Software Makers Encouraged to Stop Using C/C++ by 2026
Software manufacturers are urged to transition away from memory-unsafe languages like C/C++ to mitigate risks associated with national security. Deadline for compliance is Jan. 1, 2026.
DARPA suggests turning legacy C code automatically into Rust
The US Defense Advanced Research Projects Agency (DARPA) is developing TRACTOR to convert legacy C code into Rust using AI to enhance memory safety in programming languages.
The empire of C++ strikes back with Safe C++ proposal
The C++ community proposes Safe C++ Extensions to enhance memory safety and reduce vulnerabilities in code.
The partnership between JFrog and GitHub improves software supply chain security through integrated vulnerability findings and automatic remediation solutions.
JFrog and GitHub unveil open source security integrations | Computer Weekly
JFrog and GitHub's integration aims to improve software security throughout the development cycle, enhancing efficiency and lowering vulnerabilities.
CISA official: AI tools 'need to have a human in the loop'
CISA is developing AI security initiatives, emphasizing the importance of human oversight in cybersecurity processes despite the hype around AI technology.
Software vendors are flocking to CISA's Secure by Design Pledge
More than 180 software companies have committed to CISA's Secure by Design Pledge to enhance product security by integrating security principles into the design and manufacturing process.
A new supply chain attack technique called Revival Hijack targets the PyPI registry, allowing attackers to exploit existing packages for malicious intent.
GitHub Steers Copilot Autofix Into Eye of AI Security Storm - DevOps.com
GitHub's Copilot Autofix tool automates vulnerability remediation, reducing time and expertise needed from developers.
The tool integrates advanced AI technologies to suggest code fixes in real-time, enhancing development efficiency.
How to fix the military's software SNAFU
Software industry must address security vulnerabilities for military use.
Embracing secure software solutions can mitigate risks in military operations.
Designing for Security - DZone
Security is often overlooked in software application design.
Implementing security changes after the system is in production is costly.
Why Bloat Is Still Software's Biggest Vulnerability
The way we build and ship software today is leading to bloated code and poor software security.
The current state of software is untenable and many programmers and their managers haven't experienced anything different.
Software Bill-of-Materials documents are now available for CPython
The Python Software Foundation has released Software Bill-of-Materials (SBOM) documents for CPython source releases to improve vulnerability management.
SBOMs provide a comprehensive scan for software vulnerabilities and reduce the chances of vulnerabilities being missed by scanners.
European Commissioner for Internal Market and U.S. Secretary of Homeland Security discussed collaboration on cybersecurity measures
They aim to advance cooperation in critical infrastructure protection, crisis management, software security, post-quantum cryptography, and cybersecurity of artificial intelligence.
Microsoft's Recall puts the Biden administration's cyber credibility on the line
The Biden administration's cybersecurity initiatives face challenges in actual implementation and security concerns in tech products.