Software Development

Software Development | News, how-tos, features, reviews, and videos

conference / convention / audience / applause / clapping
Feature

The CSO guide to top security conferences, 2021

blind spot side view mirror car vehicle
News

Security blind spots persist as companies cross-breed security with devops

man typing on laptop search internet web browswer
Feature

15 top open-source intelligence tools

OSINT (open-source intelligence) is the practice of collecting information from published or otherwise publicly available sources. These tools will help you find sensitive public info before bad guys do.

A 'GitHub social coding' mug sits in a desktop workspace.
Feature

15 open source GitHub projects for security pros

GitHub has a ton of open-source options for security professionals, with new entries every day. Add these tools to your collection and work smarter.

tools drill bits toolkit tookapic free cc0 via pexels binary thinkstock
Feature

21 best free security tools

Check out these free, standout software tools that will make your daily security work easier, whether it's pen-testing, OSINT, vulnerability assessment, and more.

backdoor / abstract security circuits, locks and data blocks
News Analysis

PHP backdoor attempt shows need for better code authenticity verification

Attackers were able to place malicious code in the PHP central code repository by impersonating key developers, forcing changes to the PHP Group's infrastructure.

Check mark certificate in a binary tunnel / standards / quality control / certification / certifi
News Analysis

New free software signing service aims to strengthen open-source ecosystem

The Linux Foundation's sigstore code-signing software, developed with Google, Red Hat and Purdue University, will help prevent attacks on the software supply chain.

Triangular alert with exclamation mark amid abstract binary and sketches of scattered books.
Feature

Dependency confusion explained: Another risk when using open-source repositories

Dependency confusion is a newly discovered logic flaw in the default way software development tools pull third-party packages from public and private repositories. Here's what you need to know.

layered image of male executive holding thumbs up in CMYK
Feature

16 technology winners and losers, post-COVID

The coronavirus crisis has shaken up business as usual, with some IT strategies and tools rising to the occasion and others in line for a rethink or tough recovery post-pandemic.

Tech Spotlight > The Future of Work [Overview] > A crystal ball for peering into the future.
Feature

The future of work: Coming sooner than you think

What will your worklife be like years from now? Today's work-from-home world has given us a glimpse of the future, as these five articles from CIO, Computerworld, CSO, InfoWorld, and Network World illustrate.

programmer certification skills code devops glasses student by kevin unsplash
Feature

Top 10 in-demand cybersecurity skills for 2021

The list of needed security skills is long and growing. Here's what experts say is driving the demand.

cso ts ai ml by just super getty images 2400x1600
Feature

How secure are your AI and machine learning projects?

Artificial intelligence and machine learning bring new vulnerabilities along with their benefits. Here's how experts minimized their risk.

open source box open box out of the box empty
Opinion

Using open source for identity projects: 8 considerations

Consider these eight points to decide whether you can securely use open-source code in your identity management projects.

dark secrets of devops code secret quiet by kristina flour unsplash
News Analysis

The state of application security: What the statistics tell us

Companies are moving toward a DevSecOps approach to application development, but problems remain with security testing ownership and open-source code vulnerabilities.

open box / abstract code / open-source code
Feature

4 best practices to avoid vulnerabilities in open-source code

Open-source code in public repositories might contain malware or unintentional vulnerabilities. Here's how to best manage finding and mitigating potential problems.

raining data on keyboard programming developer code
Feature

What is devsecops? Why it's hard to do well

Devsecops is about introducing security earlier in the life cycle of application development, thus minimizing vulnerabilities and bringing security closer to IT and business objectives.

coding / programming / development / binary code
Review

Review: How ShiftLeft catches vulnerabilities during code development

This combination traffic analysis tool and dynamic application security testing tool works with nearly any language and CI system, is very easy to use, and integrates directly into the development process.

CSO > breakthrough / penetration testing / sledgehammer breaking through a binary wall
Review

Release the monkey! How Infection Monkey tests network security

This free, open source penetration testing tool uses real attacks and real techniques to try and exploit its way into a network.

ij1kcay
DealPost

Set your brand up for success with a .tech domain extension

Imagine this. You’ve finally completed your brand new app that’s going to revolutionize the way we live. You’ve even come up with a catchy name that meshes perfectly with your app and no other company has laid claim to....

ifcr 042 thumb
video

How to code an interactive shiny app to search Twitter: Do More With R bonus video

Learn how to turn code from Episode 41 into an interactive shiny Web app.

Load More