software development

Coding practices: The role of secure programming languages

Don't miss, Hot stuff, News, NIST, software development, tips /

Coding practices: The role of secure programming languages 2024-07-30 at 06:31 By Mirko Zorz Safety and quality are not features that can be added through testing — they must be integral to the design. Opting for a safer or more secure language or language subset during implementation can eliminate entire categories of vulnerabilities. The Software […]

React to this headline:

Loading spinner

Coding practices: The role of secure programming languages Read More »

One-third of dev professionals unfamiliar with secure coding practices

code, News, OpenSSF, report, software, software development, survey, The Linux Foundation, training /

One-third of dev professionals unfamiliar with secure coding practices 2024-07-19 at 07:01 By Help Net Security Attackers consistently discover and exploit software vulnerabilities, highlighting the increasing importance of robust software security, according to OpenSSF and the Linux Foundation. Despite this, many developers lack the essential knowledge and skills to effectively implement secure software development. Lack

React to this headline:

Loading spinner

One-third of dev professionals unfamiliar with secure coding practices Read More »

Maintaining human oversight in AI-enhanced software development

Artificial Intelligence, automation, code, cybersecurity, DevOps, Don't miss, Features, generative AI, Harness, Hot stuff, News, opinion, software development /

Maintaining human oversight in AI-enhanced software development 2024-07-03 at 07:31 By Mirko Zorz In this Help Net Security, Martin Reynolds, Field CTO at Harness, discusses how AI can enhance the security of software development and deployment. However, increased reliance on AI-generated code introduces new risks, requiring human oversight and integrated security practices to ensure safe

React to this headline:

Loading spinner

Maintaining human oversight in AI-enhanced software development Read More »

Developer errors lead to long-term exposure of sensitive data in Git repos

Aqua Security, cybersecurity, data, Don't miss, GitHub, News, open source, report, software, software development /

Developer errors lead to long-term exposure of sensitive data in Git repos 2024-06-26 at 15:01 By Help Net Security Credentials, API tokens, and passkeys – collectively referred to as secrets – from organizations around the globe were exposed for years, according to Aqua Security’s latest research. By scanning the most popular 100 organizations on GitHub,

React to this headline:

Loading spinner

Developer errors lead to long-term exposure of sensitive data in Git repos Read More »

Enhancing security through collaboration with the open-source community

code, collaboration, Compliance, cybersecurity, Don't miss, Features, Hot stuff, NetworkRADIUS, News, open source, opinion, regulation, software development, strategy /

Enhancing security through collaboration with the open-source community 2024-06-18 at 07:32 By Mirko Zorz In this Help Net Security interview, Alan DeKok, CEO at NetworkRADIUS, discusses the need for due diligence in selecting and maintaining open-source tools, and brings out the potential risks and benefits of collaborating with the open-source community to enhance software security.

React to this headline:

Loading spinner

Enhancing security through collaboration with the open-source community Read More »

Low code, high stakes: Addressing SQL injection

Application Security, attacks, CISO, cybersecurity, Don't miss, Expert analysis, Expert corner, Hot stuff, human error, News, Nokod Security, opinion, software development, SQL injection /

Low code, high stakes: Addressing SQL injection 2024-06-17 at 08:01 By Help Net Security Like a bad movie that seems to go on forever, SQL injection (SQLi) attacks have lingered since the late 1990s. Due to various factors, they remain the third most common source of web application vulnerabilities. Reasons include human error, new technologies

React to this headline:

Loading spinner

Low code, high stakes: Addressing SQL injection Read More »

Users of JetBrains IDEs at risk of GitHub access token compromise (CVE-2024-37051)

Android, CVE, DevOps, Don't miss, Hot stuff, Java, JetBrains, Kotlin, News, software development, vulnerability /

Users of JetBrains IDEs at risk of GitHub access token compromise (CVE-2024-37051) 2024-06-11 at 15:46 By Zeljka Zorz JetBrains has fixed a critical vulnerability (CVE-2024-37051) that could expose users of its integrated development environments (IDEs) to GitHub access token compromise. About CVE-2024-37051 JetBrains offers IDEs for various programming languages. CVE-2024-37051 is a vulnerability in the

React to this headline:

Loading spinner

Users of JetBrains IDEs at risk of GitHub access token compromise (CVE-2024-37051) Read More »

GitHub fixes maximum severity Enterprise Server auth bypass bug (CVE-2024-4985)

Don't miss, enterprise, GitHub, Hot stuff, News, software development, vulnerability /

GitHub fixes maximum severity Enterprise Server auth bypass bug (CVE-2024-4985) 2024-05-23 at 13:16 By Zeljka Zorz A critical, 10-out-of-10 vulnerability (CVE-2024-4985) allowing unrestricted access to vulnerable GitHub Enterprise Server (GHES) instances has been fixed by Microsoft-owned GitHub. Fortunately, there is a catch that may narrow down the pool of potential victims: instances are vulnerable to

React to this headline:

Loading spinner

GitHub fixes maximum severity Enterprise Server auth bypass bug (CVE-2024-4985) Read More »

Establishing a security baseline for open source projects

automation, cybersecurity, Don't miss, education, Features, Hot stuff, News, open source, OpenSSF, opinion, patching, penetration testing, policy, software development, standards /

Establishing a security baseline for open source projects 2024-05-13 at 08:01 By Mirko Zorz In this Help Net Security interview, Dana Wang, Chief Architect at OpenSSF, discusses the most significant barriers to improving open-source software security (OSS security) and opportunities for overcoming these challenges. The OpenSSF community has developed open-source security tools and projects, aiming

React to this headline:

Loading spinner

Establishing a security baseline for open source projects Read More »

How AI affects vulnerability management in open-source software

Artificial Intelligence, cybersecurity, Don't miss, Hot stuff, open source, patching, Seal Security, software, software development, Video /

How AI affects vulnerability management in open-source software 2024-05-13 at 07:01 By Help Net Security In this Help Net Security video, Itamar Sher, CEO of Seal Security, discusses how AI affects the risk and operational aspects of managing vulnerabilities in open-source software. One of the core issues around open-source vulnerability patch management has been the

React to this headline:

Loading spinner

How AI affects vulnerability management in open-source software Read More »

Applying DevSecOps principles to machine learning workloads

Artificial Intelligence, cybersecurity, DevSecOps, Don't miss, Expert analysis, Expert corner, Hot stuff, machine learning, News, opinion, Protect AI, software development /

Applying DevSecOps principles to machine learning workloads 2024-04-25 at 07:33 By Help Net Security Protecting data and other enterprise assets is an increasingly challenging task, and one that touches nearly every corner of an organization. As the complexity of digital systems grows, the challenges mount. One method that helps reign in the chaos is bringing

React to this headline:

Loading spinner

Applying DevSecOps principles to machine learning workloads Read More »

Stopping security breaches by managing AppSec posture

Application Security, Compliance, cybersecurity, Don't miss, Hot stuff, human error, OpsMx, policy, software development, Video /

Stopping security breaches by managing AppSec posture 2024-04-11 at 06:01 By Help Net Security Many security vulnerabilities result from human error, and the majority of these are reflected in the application layer. These errors may occur at any stage in the software development life cycle, from code to cloud. In this Help Net Security video,

React to this headline:

Loading spinner

Stopping security breaches by managing AppSec posture Read More »

Six steps for security and compliance in AI-enabled low-code/no-code development

Artificial Intelligence, automation, code, cybersecurity, Don't miss, Expert analysis, Expert corner, generative AI, Hot stuff, News, opinion, risk, software development, Zenity /

Six steps for security and compliance in AI-enabled low-code/no-code development 2024-04-04 at 08:02 By Help Net Security AI is quickly transforming how individuals create their own apps, copilots, and automations. This is enabling organizations to improve output and increase efficiency—all without adding to the burden of IT and the help desk. But while this transformation

React to this headline:

Loading spinner

Six steps for security and compliance in AI-enabled low-code/no-code development Read More »

Finding software flaws early in the development process provides ROI

cybersecurity, Don't miss, Hot stuff, News, Probely, security assessment, security testing, software, software development /

Finding software flaws early in the development process provides ROI 2024-03-29 at 06:31 By Help Net Security Enterprises spend enormous effort fixing software vulnerabilities that make their way into their publicly-facing applications. The Consortium for Information and Software Quality estimates that the cost of poor software quality in the United States reached $2.41 trillion in

React to this headline:

Loading spinner

Finding software flaws early in the development process provides ROI Read More »

Using cloud development environments to secure source code

Cloud, code, Coder, cybersecurity, DevOps, Don't miss, Hot stuff, programming, software development, Video /

Using cloud development environments to secure source code 2024-03-21 at 07:01 By Help Net Security In this Help Net Security video, Rob Whiteley, CEO at Coder, discusses the cloud development environment (CDE) technology landscape and its benefits. From the earliest stages of writing code to deploying finalized applications, CDEs are reimagining the developer experience, gaining

React to this headline:

Loading spinner

Using cloud development environments to secure source code Read More »

Transitioning to memory-safe languages: Challenges and considerations

code, cybersecurity, Don't miss, education, Features, Hot stuff, News, OpenSSF, opinion, programming, regulation, software development /

Transitioning to memory-safe languages: Challenges and considerations 2024-03-11 at 09:07 By Mirko Zorz In this Help Net Security interview, Omkhar Arasaratnam, General Manager at the Open Source Security Foundation (OpenSSF), discusses the evolution of memory-safe programming languages and their emergence in response to the limitations of languages like C and C++. Memory safety concerns, prevailing

React to this headline:

Loading spinner

Transitioning to memory-safe languages: Challenges and considerations Read More »

Organizations are knowingly releasing vulnerable applications

Application Security, Checkmarx, CISO, cybersecurity, News, report, software development, survey /

Organizations are knowingly releasing vulnerable applications 2024-03-05 at 06:18 By Help Net Security 92% of companies had experienced a breach in the prior year due to vulnerabilities of applications developed in-house, according to Checkmarx. AppSec managers and developers share application security duties In recent years the responsibility for application security has shifted away from dedicated

React to this headline:

Loading spinner

Organizations are knowingly releasing vulnerable applications Read More »

Critical vulnerabilities in TeamCity JetBrains fixed, release of technical details imminent, patch quickly! (CVE-2024-27198, CVE-2024-27199)

continuous integration, DevOps, Don't miss, Hot stuff, JetBrains, News, Rapid7, security update, software development, vulnerability /

Critical vulnerabilities in TeamCity JetBrains fixed, release of technical details imminent, patch quickly! (CVE-2024-27198, CVE-2024-27199) 2024-03-04 at 18:07 By Zeljka Zorz JetBrains has fixed two critical security vulnerabilities (CVE-2024-27198, CVE-2024-27199) affecting TeamCity On-Premises and is urging customers to patch them immediately. “Rapid7 originally identified and reported these vulnerabilities to us and has chosen to adhere

React to this headline:

Loading spinner

Critical vulnerabilities in TeamCity JetBrains fixed, release of technical details imminent, patch quickly! (CVE-2024-27198, CVE-2024-27199) Read More »

AI-driven DevOps: Revolutionizing software engineering practices

Artificial Intelligence, Codium AI, Compliance, cybersecurity, DevOps, Don't miss, Features, Hot stuff, News, opinion, programming, skill development, software development /

AI-driven DevOps: Revolutionizing software engineering practices 2024-02-28 at 07:04 By Mirko Zorz In this Help Net Security interview, Itamar Friedman, CEO of Codium AI, discusses the integration of AI into DevOps practices and its impact on software development processes, particularly in automating code review, ensuring compliance, and improving efficiency. Despite the benefits, challenges in incorporating

React to this headline:

Loading spinner

AI-driven DevOps: Revolutionizing software engineering practices Read More »

White House: Use memory-safe programming languages to protect the nation

critical infrastructure, Don't miss, Government, Honeywell, Horizon3.ai, Hot stuff, News, programming, software development, Trail of Bits, USA /

White House: Use memory-safe programming languages to protect the nation 2024-02-27 at 16:31 By Zeljka Zorz The White House is asking the technical community to switch to using memory-safe programming languages – such as Rust, Python, Swift, C#, Java, and Go – to prevent memory corruption vulnerabilities from entering the digital ecosystem. According to a

React to this headline:

Loading spinner

White House: Use memory-safe programming languages to protect the nation Read More »

Scroll to Top