software development
Principles for Kubernetes security and good hygiene
Traditional methods of software security are not a good fit for Kubernetes: a renewed set of security implementations are required to make it less vulnerable. What’s …
Challenges development teams face when building applications with open source
Tidelift released a report providing critical insights into the state and practice of open source software supply chain management. This comprehensive study of nearly 700 …
81% of codebases contain known open source vulnerabilities
Synopsys released a report which examines the results of more than 2,400 audits of commercial and proprietary codebases from merger and acquisition transactions, and …
86% of developers don’t prioritize application security
Secure Code Warrior released findings from its survey, which found that developers’ actions and attitudes toward software security are in conflict. While many developers …
How often do developers push vulnerable code?
A Tromzo report reveals developers remediate only 32% of vulnerabilities and regularly push vulnerable code. The report was based on a survey of more than 400 U.S.-based …
What you need to look out for when installing packages from public repositories
In this Help Net Security video, Ax Sharma, Senior Security Researcher at Sonatype, talks about the risks posed by malicious open source packages. Malicious packages can harm …
Spring4Shell: New info and fixes (CVE-2022-22965)
In this video for Help Net Security, Ax Sharma, Senior Security Researcher at Sonatype, talks about the latest developments regarding Spring4Shell, the unauthenticated RCE …
Where should companies start when it comes to device security?
The Internet of Things (IoT) market has a security problem that is boiling over into a business issue. According to a recent survey conducted by the Ponemon Institute, 59% of …
The benefits of implementing continuous security in the development lifecycle
Wabbi published new research with IDG that finds companies utilizing continuous security have decreased vulnerabilities by 50%. The study focused on the integration of …
Is next-gen threat modeling even about threats?
The threat landscape evolves with technology, and as threats grow in sophistication, there are concerns about major events like the Colonial Pipeline ransomware attack or the …
Why low-code and identity must co-exist
Software development has emerged as a critical task for organizations looking to compete in the digital economy. It increasingly fuels innovation and even disruption. Yet, …
What makes a successful development team?
CircleCI unveiled its report on the state of software delivery, examining two years of data from more than a quarter billion workflows and nearly 50,000 organizations around …
Featured news
Resources
Don't miss
- Check for CitrixBleed 2 exploitation even if you patched quickly! (CVE-2025-5777)
- Exposure management is the answer to: “Am I working on the right things?”
- Cyberattacks are changing the game for major sports events
- Can your security stack handle AI that thinks for itself?
- July 2025 Patch Tuesday forecast: Take a break from the grind