software development
The fight to stymie adversarial machine learning is on
The use of machine learning (ML) technology is booming. This development is being driven by the many immediate gains that can be achieved using machine learning models in …
Review: Alice & Bob Learn Application Security
Tanya Janca, founder of We Hack Purple, an online learning academy, community and podcast that teaches how to create secure software, is also known as SheHacksPurple and is …
How to make DevSecOps stick with developers
While DevOps culture has brought innovation to the industry and transformed the way software is developed, it’s arguably an outdated concept. The truth is that DevOps has …
Face recognition software making progress at recognizing masked faces
A study of face recognition technology created after the onset of the COVID-19 pandemic shows that some software developers have made demonstrable progress at recognizing …
Git LFS vulnerability allows attackers to compromise targets’ Windows systems (CVE-2020-27955)
A critical vulnerability (CVE-2020-27955) in Git Large File Storage (Git LFS), an open source Git extension for versioning large files, allows attackers to achieve remote code …
GitHub envisions a world with fewer software vulnerabilities
After five months in beta, the GitHub Code Scanning security feature has been made generally available to all users: for free for public repositories, as a paid option for …
Few security pros believe their organizations have reached full DevSecOps maturity
20% of security professionals described their organizations’ DevSecOps practices as “mature”, while 62% said they are improving practices and 18% as “immature”, a WhiteSource …
Most AppSec pros see a growing divide between them and developers
75% of AppSec practitioners and 49% of developers believe there is a cultural divide between their respective teams, according to ZeroNorth. As digital transformation takes …
Microsoft open-sources tool that enables continuous developer-driven fuzzing
Microsoft has open-sourced OneFuzz, its own internal continuous developer-driven fuzzing platform, allowing developers around the world to receive fuzz testing results …
Organizations knowingly ship vulnerable code despite using AppSec tools
Nearly half of organizations regularly and knowingly ship vulnerable code despite using AppSec tools, according to Veracode. Among the top reasons cited for pushing vulnerable …
Facebook open-sources a static analyzer for Python code
Need a tool to check your Python-based applications for security issues? Facebook has open-sourced Pysa (Python Static Analyzer), a tool that looks at how data flows through …
Fixing all vulnerabilities is unrealistic, you need to zero in on what matters
As technology constantly advances, software development teams are bombarded with security alerts at an increasing rate. This has made it nearly impossible to remediate every …
Featured news
Sponsored
Don't miss
- Progress fixes critical RCE flaw in Telerik Report Server, upgrade ASAP! (CVE-2024-6327)
- Docker fixes critical auth bypass flaw, again (CVE-2024-41110)
- Learning from CrowdStrike’s quality assurance failures
- BIND 9.20 released: Enhanced DNSSEC support, application infrastructure improvements
- How CISOs enable ITDR approach through the principle of least privilege