software development

Low code, high stakes: Addressing SQL injection
Like a bad movie that seems to go on forever, SQL injection (SQLi) attacks have lingered since the late 1990s. Due to various factors, they remain the third most common source …

Users of JetBrains IDEs at risk of GitHub access token compromise (CVE-2024-37051)
JetBrains has fixed a critical vulnerability (CVE-2024-37051) that could expose users of its integrated development environments (IDEs) to GitHub access token compromise. …

GitHub fixes maximum severity Enterprise Server auth bypass bug (CVE-2024-4985)
A critical, 10-out-of-10 vulnerability (CVE-2024-4985) allowing unrestricted access to vulnerable GitHub Enterprise Server (GHES) instances has been fixed by Microsoft-owned …

Establishing a security baseline for open source projects
In this Help Net Security interview, Dana Wang, Chief Architect at OpenSSF, discusses the most significant barriers to improving open-source software security (OSS security) …

How AI affects vulnerability management in open-source software
In this Help Net Security video, Itamar Sher, CEO of Seal Security, discusses how AI affects the risk and operational aspects of managing vulnerabilities in open-source …

Applying DevSecOps principles to machine learning workloads
Protecting data and other enterprise assets is an increasingly challenging task, and one that touches nearly every corner of an organization. As the complexity of digital …

Stopping security breaches by managing AppSec posture
Many security vulnerabilities result from human error, and the majority of these are reflected in the application layer. These errors may occur at any stage in the software …

Six steps for security and compliance in AI-enabled low-code/no-code development
AI is quickly transforming how individuals create their own apps, copilots, and automations. This is enabling organizations to improve output and increase efficiency—all …

Finding software flaws early in the development process provides ROI
Enterprises spend enormous effort fixing software vulnerabilities that make their way into their publicly-facing applications. The Consortium for Information and Software …

Using cloud development environments to secure source code
In this Help Net Security video, Rob Whiteley, CEO at Coder, discusses the cloud development environment (CDE) technology landscape and its benefits. From the earliest stages …

Transitioning to memory-safe languages: Challenges and considerations
In this Help Net Security interview, Omkhar Arasaratnam, General Manager at the Open Source Security Foundation (OpenSSF), discusses the evolution of memory-safe programming …

Organizations are knowingly releasing vulnerable applications
92% of companies had experienced a breach in the prior year due to vulnerabilities of applications developed in-house, according to Checkmarx. AppSec managers and developers …
Featured news
Resources
Don't miss
- Digital sovereignty becomes a matter of resilience for Europe
- Storm-2603 spotted deploying ransomware on exploited SharePoint servers
- CISO New York 2025 brings together top cybersecurity leaders
- Sonicwall fixes critical flaw in SMA appliances, urges customers to check for compromise (CVE-2025-40599)
- Autoswagger: Open-source tool to expose hidden API authorization flaws