software development

How to make developers accept DevSecOps

2024-01-31 at 07:05, by Helga Labus

According to a recent Dynatrace report, only 50% of CISOs believe that development teams have thoroughly tested the software for vulnerabilities before deploying it into the production environment. This is a statistic that needs to change and the only way to change it […]

Self-managed GitLab installations should be patched again (CVE-2024-0402)

2024-01-30 at 14:02, by Zeljka Zorz

Less than two weeks after having plugged a security hole that allows account takeover without user interaction, GitLab Inc. has patched a critical vulnerability (CVE-2024-0402) in GitLab CE/EE again and is urging users to update their installations immediately. GitLab Inc. operates

The dynamic relationship between AI and application development

2024-01-04 at 06:31, by Help Net Security

In this Help Net Security video, Greg Ellis, General Manager, Application Security, at Digital.ai, discusses how artificial intelligence is revolutionizing the way applications are developed and redefining the possibilities within the tech industry.

Security automation gains traction, prompting a “shift everywhere” philosophy

11/12/2023 at 07:32, by Help Net Security

The use of automated security technology is growing rapidly, which in turn is propagating the “shift everywhere” philosophy – performing security tests throughout the entire software development life cycle – across more organizations, according to Synopsys. This year’s findings

CISOs vs. developers: A battle over security priorities

13/11/2023 at 09:01, by Help Net Security

A majority of both developers and CISOs view software supply chain security as a top priority in their roles (70% and 52% respectively), according to Chainguard. However, there is a clear disconnect and even some distrust between CISOs and developers

Kubernetes adoption creates new cybersecurity challenges

13/11/2023 at 07:33, by Help Net Security

To maintain a competitive edge, modern organizations are evolving toward highly scalable, flexible and resilient applications – leading to the widespread adoption of cloud native technologies like Kubernetes, according to Venafi. Security challenges in cloud native environments In fact, 84% of security

AI-assisted coding and its impact on developers

08/11/2023 at 08:02, by Help Net Security

The emergence of AI has put into question the roles of software developers everywhere. In this Help Net Security video, Cat Hicks, VP of Research Insights at Pluralsight, discusses pressing questions that engineering organizations face regarding the rapidly-changing possibilities of AI-assisted

Microsoft launches new initiative to augment security

03/11/2023 at 14:48, by Zeljka Zorz

Nearly 22 years after Bill Gates announced a concerted Microsoft-wide push to deliver Trustworthy Computing, the company is launching the Secure Future Initiative, to boost the overall security of Microsoft’s products and its customers and users. A new Microsoft initiative focused on

North Korean hackers are targeting software developers and impersonating IT workers

20/10/2023 at 13:52, by Helga Labus

State-sponsored North Korean hackers have significantly intensified their focus on the IT sector in recent years, by infiltrating firms developing software and companies looking for IT workers. North Korean hackers targeting developers Microsoft has outlined on Wednesday how

Valve introduces SMS-based confirmation to prevent malicious games on Steam

17/10/2023 at 16:32, by Helga Labus

Video game publisher/digital distribution company Valve is forcing developers who publish games on its Steam platform to “validate” new builds with a confirmation code received via SMS. The Steam SMS confirmation requirement Valve sent out notices last month to

The root cause of open-source risk

05/10/2023 at 06:02, by Help Net Security

2023 saw twice as many software supply chain attacks as 2019-2022 combined. Sonatype logged 245,032 malicious packages in 2023. One in eight open-source downloads today poses known and avoidable risks. Vulnerabilities can still be prevented Nearly all (96%) vulnerabilities are still avoidable.

Chalk: Open-source software security and infrastructure visibility tool

03/10/2023 at 06:32, by Mirko Zorz

Chalk is a free, open-source tool that helps improve software security. You add a single line to your build script, and it will automatically collect and inject metadata into every build artifact: source code, binaries, and containers. Gaining visibility Chalk enables

The pitfalls of neglecting security ownership at the design stage

27/09/2023 at 07:01, by Mirko Zorz

For companies to avoid bleeding millions through cyber threats, they must build adaptability into their security strategy from the start while considering a range of inputs that go beyond the IT and network access aspects. In this Help Net

Critical JetBrains TeamCity vulnerability could be exploited to launch supply chain attacks (CVE-2023-42793)

26/09/2023 at 18:01, by Zeljka Zorz

Software development firm JetBrains has fixed a critical vulnerability (CVE-2023-42793) in its TeamCity continuous integration and continuous delivery (CI/CD) solution, which may allow authenticated attackers to achieve remote code execution and gain control of the server.

Are developers giving enough thought to prompt injection threats when building code?

26/09/2023 at 08:32, by Help Net Security

With National Coding Week behind us, the development community has had its annual moment of collective reflection and focus on emerging technologies that are shaping the industry. Among these, large language models (LLMs) and “generative AI”

Privacy concerns cast a shadow on AI’s potential for software development

13/09/2023 at 06:01, by Help Net Security

Organizations are optimistic about AI, but AI adoption requires attention to privacy and security, productivity, and training, according to GitLab. “The transformational opportunity with AI goes way beyond creating code,” said David DeSanto, CPO, GitLab. “According to

Bitwarden launches E2EE Secrets Manager

24/08/2023 at 13:24, by Helga Labus

Bitwarden, a popular open-source password management service, has released Bitwarden Secrets Manager, an open-source, end-to-end encrypted solution that helps development, IT and DevOps teams store, manage, automate, and share secrets. About Bitwarden Secrets Manager Bitwarden Secrets Manager stores unlimited secrets – database passwords, API

Building resilience through DevSecOps

17/07/2023 at 06:32, by Help Net Security

DevSecOps, short for Development, Security, and Operations, is an approach that emphasizes the integration of security practices and principles into every stage of the software development lifecycle. It aims to bridge the gap between development teams, security teams, and operations teams, fostering collaboration and

API tools and services are fueling revenue growth

07/07/2023 at 06:40, by Help Net Security

As more companies recognize APIs as the building blocks of modern software, API tools and services are evolving to meet their needs, according to Postman. Adopting an API-first approach “More companies are adopting an API-first approach to software development, and

Microsoft, GitHub announce application security testing tools for Azure DevOps

24/05/2023 at 14:34, by Zeljka Zorz

GitHub has announced that its application security testing tools are now more widely available for subscribers of Microsoft’s Azure DevOps Services. Enabling GitHub Advanced Security for Azure DevOps (Source: Microsoft) What is GitHub Advanced Security for Azure DevOps? GitHub
