code review Archives - Help Net Security

code review

Low code applications are essential for cybersecurity development in applications

February 10, 2022

One of the biggest changes to the cybersecurity landscape is that developers are now often expected to implement security directly into the applications they’re building as …

Code review: How satisfied are development teams?

February 4, 2022

Code review remains the biggest influence on improving code quality with unit testing a distant second, a SmartBear survey reveals. With development teams getting larger and …

Trojan Source bugs may lead to extensive supply-chain attacks on source code

November 2, 2021

Cambridge University researchers have detailed a new way targeted vulnerabilities can be introduced into source code while making them invisible to human code reviewers, …

The basics of security code review

May 19, 2021

With staffing ratios often more than 200 developers for every AppSec professional, scaling security requires increasing the developer’s engagement in securing the product. To …

GitHub envisions a world with fewer software vulnerabilities

October 13, 2020

After five months in beta, the GitHub Code Scanning security feature has been made generally available to all users: for free for public repositories, as a paid option for …

GitHub Code Scanning aims to prevent vulnerabilities in open source software

May 8, 2020

GitHub has made available two new security features for open and private repositories: code scanning (as a GitHub-native experience) and secret scanning (both still in beta). …

Automate manual security, risk, and compliance processes in software development

March 9, 2020

The future of business relies on being digital – but all software deployed needs to be secure and protect privacy. Yet, responsible cybersecurity gets in the way of what any …

Microsoft Application Inspector: Check open source components for unwanted features

January 17, 2020

Want to know what’s in an open source software component before you use it? Microsoft Application Inspector will tell you what it does and spots potentially unwanted …

Mozilla will use AI coding assistant to preemptively catch Firefox bugs

February 15, 2019

Mozilla will start using Clever-Commit, an AI coding assistant developed by Ubisoft, to make the Firefox code-writing process more efficient and to prevent the introduction of …

OpenEMR vulnerabilities put patients’ info, medical records at risk

August 8, 2018

A slew of vulnerabilities in OpenEMR allowed attackers to access random patients’ health records, view data from a target database, escalate their privileges on the …

Custom code accounts for 93% of application vulnerabilities

July 25, 2017

Although third-party software libraries represent a majority of an application’s code, they account for less than seven percent of application vulnerabilities. Typically, …

Organizations are not effectively dealing with open source security threats

April 20, 2017

Black Duck conducts hundreds of open source code audits annually, primarily related to Merger & Acquisition transactions. Its Center for Open Source Research & …

code review

Low code applications are essential for cybersecurity development in applications

Code review: How satisfied are development teams?

Trojan Source bugs may lead to extensive supply-chain attacks on source code

The basics of security code review

GitHub envisions a world with fewer software vulnerabilities

GitHub Code Scanning aims to prevent vulnerabilities in open source software

Automate manual security, risk, and compliance processes in software development

Microsoft Application Inspector: Check open source components for unwanted features

Mozilla will use AI coding assistant to preemptively catch Firefox bugs

OpenEMR vulnerabilities put patients’ info, medical records at risk

Custom code accounts for 93% of application vulnerabilities

Organizations are not effectively dealing with open source security threats

Don't miss

Phishers use encrypted file attachments to steal Microsoft 365 account credentials

New Buhti ransomware uses leaked payloads and public exploits

Strengthening travel safety protocols with ISO 31030

Phishing campaign targets ChatGPT users

Barracuda email security appliances hacked via zero-day vulnerability (CVE-2023-2868)