Microsoft, GitHub announce application security testing tools for Azure DevOps
GitHub has announced that its application security testing tools are now more widely available for subscribers of Microsoft’s Azure DevOps Services. Enabling GitHub …
software development
Never leak secrets to your GitHub repositories again
GitHub is making push protection – a security feature designed to automatically prevent the leaking of secrets to repositories – free for owners of all public …
Google delivers secure open source software packages
Google has announced the Google Cloud Assured Open Source Software (Assured OSS) service, which aims to be a trusted source of secure open source packages, and the deps.dev …
Developers can make a great extension of your security team
Developers care about the quality and security of their code, and when empowered to help, developers make great security advocates who can help harden your supply chain …
The dangers of unsupported applications
Are ageing technologies and infrastructure threatening the security and productivity of your business? A recent investigation by the National Audit Office (NAO – UK’s …
Establishing secure habits for software development in 2023
As a new year commences, it’s not unusual for people to take the opportunity to adopt better practices and principles and embrace new ways of thinking in both their personal …
A closer look at malicious packages targeting Python developers
In this Help Net Security video, Carlos Fernandez, Security Researcher at Sonatype, talks about how their AI system caught packages that attack Python developers with a unique …
70% of apps contain at least one security flaw after 5 years in production
Veracode revealed data that could save organizations time and money by helping developers minimize the introduction and accumulation of security flaws in their software. Their …
OSV-Scanner: A free vulnerability scanner for open-source software
After releasing the Open Source Vulnerabilities database (OSV.dev) in February, Google has launched the OSV-Scanner, a free command line vulnerability scanner that open source …
How to improve secure coding education
Did you know that not one of the top 50 undergraduate computer science programs in the U.S. requires a course in code or application security for majors? Yet the threatscape …
Critical vulnerability in Spotify’s Backstage discovered, patched
A critical unauthenticated remote code execution vulnerability in Spotify’s Backstage project has been found and fixed, and developers are advised to take immediate action in …
Following Log4j: Supporting the developer community to secure IT
How bad was the Log4j vulnerability for open source’s reputation? One of the most high-profile exploits in recent years, it even led to a government advisory from the UK’s …