software development

Does AI remediation spell the end for developers in 2024?

Artificial Intelligence, cybersecurity, Don't miss, Hot stuff, remediation, Secure Code Warrior, software development, Video /

Does AI remediation spell the end for developers in 2024? 2024-02-27 at 07:03 By Help Net Security Big tech firms are already rolling out AI remediation tools to prevent developers from introducing security risks into the software development lifecycle (SDLC). In this Help Net Security video, Matias Madou, CTO at Secure Code Warrior, discusses how […]

React to this headline:

Loading spinner

Does AI remediation spell the end for developers in 2024? Read More »

A step-by-step plan for safe use of GenAI models for software development

Artificial Intelligence, ChatGPT, Compliance, cybersecurity, data security, Don't miss, Expert analysis, Expert corner, generative AI, Hot stuff, News, opinion, Privacy, risk, software development, Solvd /

A step-by-step plan for safe use of GenAI models for software development 2024-02-22 at 08:01 By Help Net Security If you are a large-scale company, the recent AI boom hasn’t escaped your notice. Today AI is assisting in a large array of development-related and digital-related tasks, from content generation to automation and analysis. The development

React to this headline:

Loading spinner

A step-by-step plan for safe use of GenAI models for software development Read More »

The importance of a good API security strategy

API security, cyber risk, Don't miss, Hot stuff, News, software development, strategy, threats /

The importance of a good API security strategy 2024-02-21 at 06:32 By Helga Labus In 2024, API requests accounted for 57% of dynamic internet traffic around the globe, according to the Cloudflare 2024 API Security & Management Report, confirming that APIs are a crucial component of modern software development. But with their increased adoption over

React to this headline:

Loading spinner

The importance of a good API security strategy Read More »

36% of code generated by GitHub CoPilot contains security flaws

code, Don't miss, News, report, software development, survey, Veracode /

36% of code generated by GitHub CoPilot contains security flaws 2024-02-20 at 06:32 By Help Net Security Security debt, defined as flaws that remain unfixed for longer than a year, exists in 42% of applications and 71% of organizations, according to Veracode. Worryingly, 46% of organizations have persistent, high-severity flaws that constitute ‘critical’ security debt,

React to this headline:

Loading spinner

36% of code generated by GitHub CoPilot contains security flaws Read More »

Custom rules in security tools can be a game changer for vulnerability detection

cybersecurity, Don't miss, Features, Hot stuff, News, opinion, scanning, Semgrep, software development, strategy, tips /

Custom rules in security tools can be a game changer for vulnerability detection 2024-02-01 at 07:32 By Mirko Zorz In this Help Net interview, Isaac Evans, CEO at Semgrep, discusses the balance between speed and thoroughness in CI/CD pipeline security scanning. Stressing the need to avoid slowing down the process, he recommends a nuanced approach,

React to this headline:

Loading spinner

Custom rules in security tools can be a game changer for vulnerability detection Read More »

How to make developers accept DevSecOps

CISO, code, DevOps, DevSecOps, Don't miss, Hot stuff, News, skill development, software development /

How to make developers accept DevSecOps 2024-01-31 at 07:05 By Helga Labus According to a recent Dynatrace report, only 50% of CISOs believe that development teams have thoroughly tested the software for vulnerabilities before deploying it into the production environment. This is a statistic that needs to change and the only way to change it

React to this headline:

Loading spinner

How to make developers accept DevSecOps Read More »

Self-managed GitLab installations should be patched again (CVE-2024-0402)

DevOps, Don't miss, GitLab, Hot stuff, News, security update, software development, vulnerability /

Self-managed GitLab installations should be patched again (CVE-2024-0402) 2024-01-30 at 14:02 By Zeljka Zorz Less than two weeks after having plugged a security hole that allows account takeover without user interaction, GitLab Inc. has patched a critical vulnerability (CVE-2024-0402) in GitLab CE/EE again and is urging users to update their installations immediately. GitLab Inc. operates

React to this headline:

Loading spinner

Self-managed GitLab installations should be patched again (CVE-2024-0402) Read More »

The dynamic relationship between AI and application development

Application Security, Artificial Intelligence, cybersecurity, Digital.ai, Don't miss, Hot stuff, software development, Video /

The dynamic relationship between AI and application development 2024-01-04 at 06:31 By Help Net Security In this Help Net Security video, Greg Ellis, General Manager, Application Security, at Digital.ai, discusses how artificial intelligence is revolutionizing the way applications are developed and redefining the possibilities within the tech industry. The post The dynamic relationship between AI

React to this headline:

Loading spinner

The dynamic relationship between AI and application development Read More »

Security automation gains traction, prompting a “shift everywhere” philosophy

Artificial Intelligence, automation, cybersecurity, News, report, software development, survey, Synopsys /

Security automation gains traction, prompting a “shift everywhere” philosophy 11/12/2023 at 07:32 By Help Net Security The use of automated security technology is growing rapidly, which in turn is propagating the “shift everywhere” philosophy – performing security tests throughout the entire software development life cycle – across more organizations, according to Synopsys. This year’s findings

React to this headline:

Loading spinner

Security automation gains traction, prompting a “shift everywhere” philosophy Read More »

CISOs vs. developers: A battle over security priorities

Chainguard, CISO, cybersecurity, framework, News, report, software development, supply chain, survey /

CISOs vs. developers: A battle over security priorities 13/11/2023 at 09:01 By Help Net Security A majority of both developers and CISOs view software supply chain security as a top priority in their roles (70% and 52% respectively), according to Chainguard. However, there is a clear disconnect and even some distrust between CISOs and developers

React to this headline:

Loading spinner

CISOs vs. developers: A battle over security priorities Read More »

Kubernetes adoption creates new cybersecurity challenges

Cloud, cybersecurity, Kubernetes, News, report, software development, survey, Venafi /

Kubernetes adoption creates new cybersecurity challenges 13/11/2023 at 07:33 By Help Net Security To maintain a competitive edge, modern organizations are evolving toward highly scalable, flexible and resilient applications – leading to the widespread adoption of cloud native technologies like Kubernetes, according to Venafi. Security challenges in cloud native environments In fact, 84% of security

React to this headline:

Loading spinner

Kubernetes adoption creates new cybersecurity challenges Read More »

AI-assisted coding and its impact on developers

Artificial Intelligence, code, cybersecurity, Don't miss, Hot stuff, Pluralsight, resilience, skill development, software development, Video /

AI-assisted coding and its impact on developers 08/11/2023 at 08:02 By Help Net Security The emergence of AI has put into question the roles of software developers everywhere. In this Help Net Security video, Cat Hicks, VP of Research Insights at Pluralsight, discusses pressing questions that engineering organizations face regarding the rapidly-changing possibilities of AI-assisted

React to this headline:

Loading spinner

AI-assisted coding and its impact on developers Read More »

Microsoft launches new initiative to augment security

Application Security, Artificial Intelligence, cloud security, Don't miss, Hot stuff, identity protection, Microsoft, News, software development, strategy /

Microsoft launches new initiative to augment security 03/11/2023 at 14:48 By Zeljka Zorz Nearly 22 years after Bill Gates announced a concerted Microsoft-wide push to deliver Trustworthy Computing, the company is launching the Secure Future Initiative, to boost the overall security of Microsoft’s products and its customers and users. A new Microsoft initiative focused on

React to this headline:

Loading spinner

Microsoft launches new initiative to augment security Read More »

North Korean hackers are targeting software developers and impersonating IT workers

APT, Don't miss, FBI, Hot stuff, Insider Threat, Microsoft, News, North Korea, software development, supply chain compromise, vulnerability /

North Korean hackers are targeting software developers and impersonating IT workers 20/10/2023 at 13:52 By Helga Labus State-sponsored North Korean hackers have significantly intensified their focus on the IT sector in recent years, by infiltrating firms developing software and companies lookind for IT workers. North Korean hackers targeting developers Microsoft has outlined on Wednesday how

React to this headline:

Loading spinner

North Korean hackers are targeting software developers and impersonating IT workers Read More »

Valve introduces SMS-based confirmation to prevent malicious games on Steam

authentication, Don't miss, ESET, Hot stuff, MFA, News, security update, software development, Steam /

Valve introduces SMS-based confirmation to prevent malicious games on Steam 17/10/2023 at 16:32 By Helga Labus Video game publisher/digital distribution company Valve is forcing developers who publish games on its Steam platform to “validate” new builds with a confirmation code received via SMS. The Steam SMS confirmation requirement Valve sent out notices last month to

React to this headline:

Loading spinner

Valve introduces SMS-based confirmation to prevent malicious games on Steam Read More »

The root cause of open-source risk

CISO, cybersecurity, News, open source, report, software development, Sonatype, strategy, survey /

The root cause of open-source risk 05/10/2023 at 06:02 By Help Net Security 2023 saw twice as many software supply chain attacks as 2019-2022 combined. Sonatype logged 245,032 malicious packages in 2023. One in eight open-source downloads today poses known and avoidable risks. Vulnerabilities can still be prevented Nearly all (96%) vulnerabilities are still avoidable.

React to this headline:

Loading spinner

The root cause of open-source risk Read More »

Chalk: Open-source software security and infrastructure visibility tool

Crash Override, cybersecurity, Don't miss, GitHub, News, software, software development /

Chalk: Open-source software security and infrastructure visibility tool 03/10/2023 at 06:32 By Mirko Zorz Chalk is a free, open-source tool that helps improve software security. You add a single line to your build script, and it will automatically collect and inject metadata into every build artifact: source code, binaries, and containers. Gaining visibility Chalk enables

React to this headline:

Loading spinner

Chalk: Open-source software security and infrastructure visibility tool Read More »

The pitfalls of neglecting security ownership at the design stage

cyber risk, cybersecurity, Don't miss, Features, Hot stuff, investment, Lenovo, News, opinion, policy, product development, SMBs, software, software development, strategy /

The pitfalls of neglecting security ownership at the design stage 27/09/2023 at 07:01 By Mirko Zorz For companies to avoid bleeding millions through cyber threats, they must build adaptability into their security strategy from the start while considering a range of inputs that go beyond the IT and network access aspects. In this Help Net

React to this headline:

Loading spinner

The pitfalls of neglecting security ownership at the design stage Read More »

Critical JetBrains TeamCity vulnerability could be exploited to launch supply chain attacks (CVE-2023-42793)

continuous integration, Don't miss, Hot stuff, JetBrains, News, Rapid7, software delivery, software development, vulnerability /

Critical JetBrains TeamCity vulnerability could be exploited to launch supply chain attacks (CVE-2023-42793) 26/09/2023 at 18:01 By Zeljka Zorz Software development firm JetBrains has fixed a critical vulnerability (CVE-2023-42793) in its TeamCity continuous integration and continuous delivery (CI/CD) solution, which may allow authenticated attackers to achieve remote code execution and gain control of the server.

React to this headline:

Loading spinner

Critical JetBrains TeamCity vulnerability could be exploited to launch supply chain attacks (CVE-2023-42793) Read More »

Are developers giving enough thought to prompt injection threats when building code?

Artificial Intelligence, code, cybercrime, data analysis, Don't miss, Expert analysis, Expert corner, generative AI, Hot stuff, Immersive Labs, News, opinion, policy, programming, software development, strategy /

Are developers giving enough thought to prompt injection threats when building code? 26/09/2023 at 08:32 By Help Net Security With National Coding Week behind us, the development community has had its annual moment of collective reflection and focus on emerging technologies that are shaping the industry. Among these, large language models (LLMs) and “generative AI”

React to this headline:

Loading spinner

Are developers giving enough thought to prompt injection threats when building code? Read More »

Scroll to Top