Software Development

Top 10 open source software risks for 2023

While open source software is the bedrock of modern software development, it is also the weakest link in the software supply chain, according to a report by Endor Labs.

The CSO guide to top security conferences

Tracking postponements, cancellations, and conferences gone virtual — CSO Online’s calendar of upcoming security conferences makes it easy to find the events that matter the most to you.

At least one open source vulnerability found in 84% of code bases: Report

Almost all applications contain at least some open source code, and 48% of all code bases examined by Synopsys researchers contained high-risk vulnerabilities.

Privacera connects to Dremio’s data lakehouse to aid data governance

The integration of open-source based Privacera into Dremio’s data lakehouse is designed to allow joint customer enterprises to manage and organize secure data access.

Wallarm touts API leak protection with new scanning feature

API protection vendor Wallarm now features scanning and automated remediation for API compromises.

Financial services increasingly targeted for API-based cyberattacks

API-based attacks are sharply on the rise, as cybercriminals take aim at the financial services industry, according to a new report from Akamai.

GitHub releases new SDLC security features including private vulnerability reporting

GitHub also announces CodeQL support for Ruby programming language and coverage/risk overviews to help users secure the software development lifecycle.

Rezilion expands SBOM to support Windows environments

Organizations can now apply Rezilion’s SBOM to Windows environments to manage software vulnerabilities and meet regulatory standards.

Azul detects Java vulnerabilities in production apps

Azul Vulnerability Detection promises to eliminate false positives without impacting performance, by drawing on monitoring and detection capabilities inside the Azul JVM.

The OSPO – the front line for secure open-source software supply chain governance

An open-source program office (OSPO) can act as both gatekeeper and evangelist in an organization’s struggle to ensure ubiquitous open-source components – incredibly useful but vulnerable to bad actors and misuse – are deployed safely...

Supply chain attacks increased over 600% this year and companies are falling behind

Most companies believe they are using no open-source software libraries with known vulnerabilities, but new research finds them in 68% of selected enterprise applications.

Endor Labs offers dependency management platform for open source software

Startup Endor Labs comes out of stealth with an end-to-end platform to help CSOs understand and catalogue everything developers are using from the internet.

Enterprises embrace devsecops practices against supply chain attacks

Healthy developer-team culture and adherence to devsecops best practices to protect against supply chain attacks are surprisingly commonplace in today’s security environment, according to a report from Google Cloud's DORA research...

API security—and even visibility—isn’t getting handled by enterprises

A new survey highlights the widespread nature of API security incidents and the lack of full inventories of potentially dangerous APIs.

U.S. government issues guidance for developers to secure the software supply chain: Key takeaways

The U.S. NSA, CISA and ODNI created the Securing the Software Supply Chain guide to focus on the software development lifecycle.

8 notable open-source security initiatives of 2022

Vendors, collectives and governments are contributing to improve the security of open-source code, software, and development amid organizations’ increasing use of open-source resources.

The Heartbleed bug: How a flaw in OpenSSL caused a security crisis

Heartbleed is a vulnerability in OpenSSL that came to light in April of 2014; it can be traced to a single line of code.

OpenSSF releases npm best practices to help developers tackle open-source dependency risks

The npm Best Practices Guide aims to help JavaScript and TypeScript developers reduce the security risks of using open-source dependencies.
