Tackling software vulnerabilities with smarter developer strategies

In this Help Net Security interview, Karl Mattson, CISO at Endor Labs, discusses strategies for enhancing secure software development. Mattson covers how developers can address vulnerabilities in complex systems, ways organizations can better support s… Continue reading Tackling software vulnerabilities with smarter developer strategies

70% of open-source components are poorly or no longer maintained

The geographic distribution of open-source contributions introduces geopolitical risks that organizations must urgently consider, especially with rising nation-state attacks, according to Lineaje. Open-source code risks rise with anonymous contribution… Continue reading 70% of open-source components are poorly or no longer maintained

AI learning mechanisms may lead to increase in codebase leaks

The proliferation of non-human identities and the complexity of modern application architectures has created significant security challenges, particularly in managing sensitive credentials, according to GitGuardian. Based on a survey of 1,000 IT decisi… Continue reading AI learning mechanisms may lead to increase in codebase leaks

50% of financial orgs have high-severity security flaws in their apps

Security debt, defined for this report as flaws that remain unfixed for longer than a year, exists in 76% of organizations in the financial services sector, with 50% of organizations carrying critical security debt, according to Veracode. Financial sec… Continue reading 50% of financial orgs have high-severity security flaws in their apps

The number of Android memory safety vulnerabilities has tumbled, and here’s why

Google’s decision to write new code into Android’s codebase in Rust, a memory-safe programming language, has resulted in a significant drop in memory safety vulnerabilities, despite old code (written in C/C++) not having been rewritten. The… Continue reading The number of Android memory safety vulnerabilities has tumbled, and here’s why

Security leaders consider banning AI coding due to security risks

92% of security leaders have concerns about the use of AI-generated code within their organization, according to Venafi. Tension between security and developer teams 83% of security leaders say their developers currently use AI to generate code, with 5… Continue reading Security leaders consider banning AI coding due to security risks

Detecting vulnerable code in software dependencies is more complex than it seems

In this Help Net Security interview, Henrik Plate, CISSP, security researcher, Endor Labs, discusses the complexities AppSec teams face in identifying vulnerabilities within software dependencies. Plate also discusses the limitations of traditional sof… Continue reading Detecting vulnerable code in software dependencies is more complex than it seems

How to make Infrastructure as Code secure by default

Infrastructure as Code (IaC) has become a widely adopted practice in modern DevOps, automating the management and provisioning of technology infrastructure through machine-readable definition files. What can we to do make IaC secure by default? Securit… Continue reading How to make Infrastructure as Code secure by default