Software Development
Software Development | News, how-tos, features, reviews, and videos
![Digital bugs amid binary code. [security threats / malware / breach / hack / attack]](https://images.idgesg.net/images/article/2020/09/digital_bugs_amid_binary_code_security_threats_malware_breach_hack_attack_by_whatawin_gettyimages-1188254819_2400x1600-100858616-small.3x2.jpg?auto=webp&quality=85,70)
Azul detects Java vulnerabilities in production apps
Azul Vulnerability Detection promises to eliminate false positives without impacting performance, by drawing on monitoring and detection capabilities inside the Azul JVM.
The OSPO – the front line for secure open-source software supply chain governance
An open-source program office (OSPO) can act as both gatekeeper and evangelist in an organization’s struggle to ensure ubiquitous open-source components – incredibly useful but vulnerable to bad actors and misuse – are deployed safely...
Supply chain attacks increased over 600% this year and companies are falling behind
Most companies believe they are using no open-source software libraries with known vulnerabilities, but new research finds them in 68% of selected enterprise applications.
Endor Labs offers dependency management platform for open source software
Startup Endor Labs comes out of stealth with an end-to-end platform to help CSOs understand and catalogue everything developers are using from the internet.
Enterprises embrace devsecops practices against supply chain attacks
Healthy developer-team culture and adherence to devsecops best practices to protect against supply chain attacks are surprisingly commonplace in today’s security environment, according to a report from Google Cloud's DORA research...
API security—and even visibility—isn’t getting handled by enterprises
A new survey highlights the widespread nature of API security incidents and the lack of full inventories of potentially dangerous APIs.
U.S. government issues guidance for developers to secure the software supply chain: Key takeaways
The U.S. NSA, CISA and ODNI created the Securing the Software Supply Chain guide to focus on the software development lifecycle.
8 notable open-source security initiatives of 2022
Vendors, collectives and governments are contributing to improve the security of open-source code, software, and development amid organizations’ increasing use of open-source resources.
The Heartbleed bug: How a flaw in OpenSSL caused a security crisis
Heartbleed is a vulnerability in OpenSSL that came to light in April of 2014; it can be traced to a single line of code.
OpenSSF releases npm best practices to help developers tackle open-source dependency risks
The npm Best Practices Guide aims to help JavaScript and TypeScript developers reduce the security risks of using open-source dependencies.
Traceable AI debuts API testing product for its security platform
API testing tool xAST is now folded into Traceable’s existing suite of API analysis and visibility capabilities.
Vulnerability Exploitability eXchange explained: How VEX makes SBOMs actionable
VEX adds context to software vulnerabilities to better inform risk assessment decisions.
SBOM formats SPDX and CycloneDX compared
Understanding the differences between these widely used software bill of materials format standards is important, but your tools will likely need to support both.
How OpenSSF Scorecards can help to evaluate open-source software risks
Scorecards automatically generates a score for open-source projects based on potential vulnerabilities and dependencies.
GitGuardian launches ggcanary project to help detect open-source software risks
GitGuardian says its new open-source canary tokens project helps businesses detect breaches as they unfold.
8 top SBOM tools to consider
These commercial and open-source tools will scan code and create software bills of materials automatically.
What is an SBOM? Software bill of materials explained
An SBOM is a detailed guide to what's inside your software. It helps vendors and buyers alike keep track of software components for better software supply chain security.
Auth0’s OpenFGA explained: Open source universal authorization
Authorization is an essential and non-trivial need in application development. Modern requirements have only increased the complexity of delivering adequate authorization. Auth0 aims to make authorization more standard and...
Google Cloud previews advanced new API security features
Google’s latest security update for Google Cloud is aimed at curbing API-based attacks.