The percentage of open source code in proprietary apps is rising
The number of open source components in the codebase of proprietary applications keeps rising and with it the risk of those apps being compromised by attackers leveraging …
application security
Devs know application security is important, but have no time for it
Sonatype polled 2,076 IT professionals to discover practitioner perspectives on evolving DevSecOps practices, shifting investments, and changing perceptions, and the results …
Android P: Expected security and privacy improvements
Google has released a developer preview of the next version of Android, currently called “Android P.” Functional changes are many, but here’s an overview of …
Secure coding in Java: Bad online advice and confusing APIs
For programmers and software developers, the Internet forums provide a great place to exchange knowledge and seek answers to concrete coding conundrums. Alas, they are not …
Google Chrome most resilient against attacks, researchers find
Researchers have analyzed Google Chrome, Microsoft Edge, and Internet Explorer, and found Chrome to be the most resilient against attacks. “Modern web browsers such as …
Custom code accounts for 93% of application vulnerabilities
Although third-party software libraries represent a majority of an application’s code, they account for less than seven percent of application vulnerabilities. Typically, …
The future of AppSec: Stop fighting the last war
It’s a cornerstone of military doctrine: when you focus too much on the last battle you faced, you miss signs of the new battleground taking shape. The principle holds as true …
DevSecOps: Build a bridge between fast and secure software development
Despite the pervasive belief that security and development teams have conflicting priorities, initiatives such as creating DevOps environments and focusing on product …
