code

Tackling software vulnerabilities with smarter developer strategies

Application Security, code, cybersecurity, Don't miss, Endor Labs, Features, Hot stuff, News, opinion, software, web application security /

Tackling software vulnerabilities with smarter developer strategies 2024-12-13 at 07:03 By Mirko Zorz In this Help Net Security interview, Karl Mattson, CISO at Endor Labs, discusses strategies for enhancing secure software development. Mattson covers how developers can address vulnerabilities in complex systems, ways organizations can better support secure coding practices, and the role of languages […]

React to this headline:

Loading spinner

Tackling software vulnerabilities with smarter developer strategies Read More »

70% of open-source components are poorly or no longer maintained

code, cyber risk, cybersecurity, Lineaje, News, open source, report, software, survey /

70% of open-source components are poorly or no longer maintained 2024-12-04 at 06:35 By Help Net Security The geographic distribution of open-source contributions introduces geopolitical risks that organizations must urgently consider, especially with rising nation-state attacks, according to Lineaje. Open-source code risks rise with anonymous contributions Microsoft estimates that its customers face 600 million cyberattacks

React to this headline:

Loading spinner

70% of open-source components are poorly or no longer maintained Read More »

Transforming code scanning and threat detection with GenAI

Application Security, Artificial Intelligence, code, cybersecurity, Don't miss, Features, Hot stuff, News, opinion, Qwiet AI, scanning /

Transforming code scanning and threat detection with GenAI 2024-11-18 at 07:33 By Mirko Zorz In this Help Net Security interview, Stuart McClure, CEO of Qwiet AI, discusses the evolution of code scanning practices, highlighting the shift from reactive fixes to proactive risk management. McClure also shares his perspective on the future of AI-driven code scanning,

React to this headline:

Loading spinner

Transforming code scanning and threat detection with GenAI Read More »

AI learning mechanisms may lead to increase in codebase leaks

Application Security, code, CyberArk, cybersecurity, digital transformation, GitGuardian, News, report, survey /

AI learning mechanisms may lead to increase in codebase leaks 2024-11-05 at 06:03 By Help Net Security The proliferation of non-human identities and the complexity of modern application architectures has created significant security challenges, particularly in managing sensitive credentials, according to GitGuardian. Based on a survey of 1,000 IT decision-makers in organizations with over 500

React to this headline:

Loading spinner

AI learning mechanisms may lead to increase in codebase leaks Read More »

50% of financial orgs have high-severity security flaws in their apps

Application Security, code, cybersecurity, News, report, software, survey, Veracode /

50% of financial orgs have high-severity security flaws in their apps 2024-11-01 at 08:03 By Help Net Security Security debt, defined for this report as flaws that remain unfixed for longer than a year, exists in 76% of organizations in the financial services sector, with 50% of organizations carrying critical security debt, according to Veracode.

React to this headline:

Loading spinner

50% of financial orgs have high-severity security flaws in their apps Read More »

The number of Android memory safety vulnerabilities has tumbled, and here’s why

Android, code, cybersecurity, Don't miss, Hot stuff, News, programming, software development, vulnerability /

The number of Android memory safety vulnerabilities has tumbled, and here’s why 2024-09-26 at 15:32 By Zeljka Zorz Google’s decision to write new code into Android’s codebase in Rust, a memory-safe programming language, has resulted in a significant drop in memory safety vulnerabilities, despite old code (written in C/C++) not having been rewritten. The number

React to this headline:

Loading spinner

The number of Android memory safety vulnerabilities has tumbled, and here’s why Read More »

Security leaders consider banning AI coding due to security risks

Artificial Intelligence, code, cybersecurity, generative AI, News, open source, report, survey, Venafi /

Security leaders consider banning AI coding due to security risks 2024-09-19 at 06:02 By Help Net Security 92% of security leaders have concerns about the use of AI-generated code within their organization, according to Venafi. Tension between security and developer teams 83% of security leaders say their developers currently use AI to generate code, with

React to this headline:

Loading spinner

Security leaders consider banning AI coding due to security risks Read More »

Detecting vulnerable code in software dependencies is more complex than it seems

code, code analysis, cybersecurity, Don't miss, Endor Labs, Features, Hot stuff, News, open source, opinion, remediation, SCA, software, vulnerability management /

Detecting vulnerable code in software dependencies is more complex than it seems 2024-09-18 at 07:31 By Mirko Zorz In this Help Net Security interview, Henrik Plate, CISSP, security researcher, Endor Labs, discusses the complexities AppSec teams face in identifying vulnerabilities within software dependencies. Plate also discusses the limitations of traditional software composition analysis (SCA) solutions

React to this headline:

Loading spinner

Detecting vulnerable code in software dependencies is more complex than it seems Read More »

How to make Infrastructure as Code secure by default

code, cybersecurity, DevOps, Don't miss, Expert analysis, Expert corner, Hot stuff, News, opinion, policy, remediation, security standard, StackGen, threat detection /

How to make Infrastructure as Code secure by default 2024-09-13 at 07:46 By Help Net Security Infrastructure as Code (IaC) has become a widely adopted practice in modern DevOps, automating the management and provisioning of technology infrastructure through machine-readable definition files. What can we to do make IaC secure by default? Security workflows for IaC

React to this headline:

Loading spinner

How to make Infrastructure as Code secure by default Read More »

Leveraging dynamic configuration for seamless and compliant software changes

Artificial Intelligence, code, Compliance, configuration management, cybersecurity, Don't miss, Features, Hot stuff, Lekko, News, opinion, regulation, risk assessment /

Leveraging dynamic configuration for seamless and compliant software changes 2024-07-31 at 06:01 By Mirko Zorz In this Help Net Security interview, Konrad Niemiec, CEO and Founder of Lekko, discusses the benefits of dynamic configuration in preventing system outages and enabling faster response times during incidents. Niemiec explains how dynamic configuration evolves feature flagging, supports operational

React to this headline:

Loading spinner

Leveraging dynamic configuration for seamless and compliant software changes Read More »

One-third of dev professionals unfamiliar with secure coding practices

code, News, OpenSSF, report, software, software development, survey, The Linux Foundation, training /

One-third of dev professionals unfamiliar with secure coding practices 2024-07-19 at 07:01 By Help Net Security Attackers consistently discover and exploit software vulnerabilities, highlighting the increasing importance of robust software security, according to OpenSSF and the Linux Foundation. Despite this, many developers lack the essential knowledge and skills to effectively implement secure software development. Lack

React to this headline:

Loading spinner

One-third of dev professionals unfamiliar with secure coding practices Read More »

Maintaining human oversight in AI-enhanced software development

Artificial Intelligence, automation, code, cybersecurity, DevOps, Don't miss, Features, generative AI, Harness, Hot stuff, News, opinion, software development /

Maintaining human oversight in AI-enhanced software development 2024-07-03 at 07:31 By Mirko Zorz In this Help Net Security, Martin Reynolds, Field CTO at Harness, discusses how AI can enhance the security of software development and deployment. However, increased reliance on AI-generated code introduces new risks, requiring human oversight and integrated security practices to ensure safe

React to this headline:

Loading spinner

Maintaining human oversight in AI-enhanced software development Read More »

Enhancing security through collaboration with the open-source community

code, collaboration, Compliance, cybersecurity, Don't miss, Features, Hot stuff, NetworkRADIUS, News, open source, opinion, regulation, software development, strategy /

Enhancing security through collaboration with the open-source community 2024-06-18 at 07:32 By Mirko Zorz In this Help Net Security interview, Alan DeKok, CEO at NetworkRADIUS, discusses the need for due diligence in selecting and maintaining open-source tools, and brings out the potential risks and benefits of collaborating with the open-source community to enhance software security.

React to this headline:

Loading spinner

Enhancing security through collaboration with the open-source community Read More »

Solana devs target April 15 for failed TX fix — it’s ‘not a design flaw’

bug, code, Design, Helius Labs, Implementation, memecoins, Mert Mumtaz, QUIC, Solana network, Transaction Failure /

Solana devs target April 15 for failed TX fix — it’s ‘not a design flaw’ 2024-04-09 at 06:01 By Cointelegraph by Brayden Lindrea Solana’s percentage of failed non-vote transactions went over 75% last week, and developers are now targeting a fix to be implemented on April 15. This article is an excerpt from Cointelegraph.com News

React to this headline:

Loading spinner

Solana devs target April 15 for failed TX fix — it’s ‘not a design flaw’ Read More »

Six steps for security and compliance in AI-enabled low-code/no-code development

Artificial Intelligence, automation, code, cybersecurity, Don't miss, Expert analysis, Expert corner, generative AI, Hot stuff, News, opinion, risk, software development, Zenity /

Six steps for security and compliance in AI-enabled low-code/no-code development 2024-04-04 at 08:02 By Help Net Security AI is quickly transforming how individuals create their own apps, copilots, and automations. This is enabling organizations to improve output and increase efficiency—all without adding to the burden of IT and the help desk. But while this transformation

React to this headline:

Loading spinner

Six steps for security and compliance in AI-enabled low-code/no-code development Read More »

Using cloud development environments to secure source code

Cloud, code, Coder, cybersecurity, DevOps, Don't miss, Hot stuff, programming, software development, Video /

Using cloud development environments to secure source code 2024-03-21 at 07:01 By Help Net Security In this Help Net Security video, Rob Whiteley, CEO at Coder, discusses the cloud development environment (CDE) technology landscape and its benefits. From the earliest stages of writing code to deploying finalized applications, CDEs are reimagining the developer experience, gaining

React to this headline:

Loading spinner

Using cloud development environments to secure source code Read More »

ParaSwap evades hack targeting Augustus v6 contract vulnerability

code, hackers, Hacks, smart contracts /

ParaSwap evades hack targeting Augustus v6 contract vulnerability 2024-03-20 at 11:01 By Cointelegraph by Arijit Sarkar ParaSwap paused the V6 API soon after discovering the vulnerability and secured the potential victims’ funds through a white hack. Plans to reimburse potential victims are underway. This article is an excerpt from Cointelegraph.com News View Original Source React

React to this headline:

Loading spinner

ParaSwap evades hack targeting Augustus v6 contract vulnerability Read More »

Transitioning to memory-safe languages: Challenges and considerations

code, cybersecurity, Don't miss, education, Features, Hot stuff, News, OpenSSF, opinion, programming, regulation, software development /

Transitioning to memory-safe languages: Challenges and considerations 2024-03-11 at 09:07 By Mirko Zorz In this Help Net Security interview, Omkhar Arasaratnam, General Manager at the Open Source Security Foundation (OpenSSF), discusses the evolution of memory-safe programming languages and their emergence in response to the limitations of languages like C and C++. Memory safety concerns, prevailing

React to this headline:

Loading spinner

Transitioning to memory-safe languages: Challenges and considerations Read More »

36% of code generated by GitHub CoPilot contains security flaws

code, Don't miss, News, report, software development, survey, Veracode /

36% of code generated by GitHub CoPilot contains security flaws 2024-02-20 at 06:32 By Help Net Security Security debt, defined as flaws that remain unfixed for longer than a year, exists in 42% of applications and 71% of organizations, according to Veracode. Worryingly, 46% of organizations have persistent, high-severity flaws that constitute ‘critical’ security debt,

React to this headline:

Loading spinner

36% of code generated by GitHub CoPilot contains security flaws Read More »

How to make developers accept DevSecOps

CISO, code, DevOps, DevSecOps, Don't miss, Hot stuff, News, skill development, software development /

How to make developers accept DevSecOps 2024-01-31 at 07:05 By Helga Labus According to a recent Dynatrace report, only 50% of CISOs believe that development teams have thoroughly tested the software for vulnerabilities before deploying it into the production environment. This is a statistic that needs to change and the only way to change it

React to this headline:

Loading spinner

How to make developers accept DevSecOps Read More »

Scroll to Top