Collaborate Disseminate
The proliferation of non-human identities and the complexity of modern application architectures has created significant security challenges, particularly in managing sensitive credentials, according to GitGuardian. Based on a survey of 1,000 IT decisi… Continue reading AI learning mechanisms may lead to increase in codebase leaks
Security debt, defined for this report as flaws that remain unfixed for longer than a year, exists in 76% of organizations in the financial services sector, with 50% of organizations carrying critical security debt, according to Veracode. Financial sec… Continue reading 50% of financial orgs have high-severity security flaws in their apps
Google’s decision to write new code into Android’s codebase in Rust, a memory-safe programming language, has resulted in a significant drop in memory safety vulnerabilities, despite old code (written in C/C++) not having been rewritten. The… Continue reading The number of Android memory safety vulnerabilities has tumbled, and here’s why
92% of security leaders have concerns about the use of AI-generated code within their organization, according to Venafi. Tension between security and developer teams 83% of security leaders say their developers currently use AI to generate code, with 5… Continue reading Security leaders consider banning AI coding due to security risks
One of the most universal experiences of any Linux or Unix user is working through a guide or handbook and coming across an almost unbelievably complex line of code meant …read more Continue reading Blowing Up Shell Scripts
In this Help Net Security interview, Henrik Plate, CISSP, security researcher, Endor Labs, discusses the complexities AppSec teams face in identifying vulnerabilities within software dependencies. Plate also discusses the limitations of traditional sof… Continue reading Detecting vulnerable code in software dependencies is more complex than it seems
Infrastructure as Code (IaC) has become a widely adopted practice in modern DevOps, automating the management and provisioning of technology infrastructure through machine-readable definition files. What can we to do make IaC secure by default? Securit… Continue reading How to make Infrastructure as Code secure by default
With modern tools, you have to try very hard to do something stupid, because the tools (rightly) recognize you’re doing something stupid. [Andreas Karlsson] can speak to that first hand …read more Continue reading Compiling Four Billion If Statements
Attackers consistently discover and exploit software vulnerabilities, highlighting the increasing importance of robust software security, according to OpenSSF and the Linux Foundation. Despite this, many developers lack the essential knowledge and skil… Continue reading One-third of dev professionals unfamiliar with secure coding practices
In this Help Net Security, Martin Reynolds, Field CTO at Harness, discusses how AI can enhance the security of software development and deployment. However, increased reliance on AI-generated code introduces new risks, requiring human oversight and int… Continue reading Maintaining human oversight in AI-enhanced software development