Organizations knowingly ship vulnerable code despite using AppSec tools

Nearly half of organizations regularly and knowingly ship vulnerable code despite using AppSec tools, according to Veracode. Among the top reasons cited for pushing vulnerable code were pressure to meet release deadlines (54%) and finding vulnerabiliti…

Open Source Code: Trojan Horse for Attacks?

On June 2, it was revealed that the Octopus Scanner malware had infected at least 26 open source code repositories on GitHub. Once downloaded, the malware specifically targets the Apache NetBeans Java integrated development environment (IDE), which is …

DevOps productivity series — GitHub for DevSecOps

GitHub & DevSecOps Productivity Tips
This article was originally published at ShiftLeft Blog.
My colleague Andrew Fife wrote about our passion to focus on developer experience and productivity with our NextGen Static Analysis platform. Productivity…

Tech sector job interviews test performance anxiety rather than competence at coding

A study from North Carolina State University and Microsoft finds that the technical interviews currently used in hiring for many software engineering positions test whether a job candidate has performance anxiety rather than whether the candidate is co…

A Boxcryptor audit shows no critical weaknesses in the software

More and more companies, self-employed professionals and private customers are using Boxcryptor to protect sensitive data, primarily in the cloud. Boxcryptor ensures that nobody but authorized persons has access to the data. Cloud providers and their staff, as wel…

Android ‘ActionSpy’ Malware Targets Turkic Minority Group

Researchers warn that the Earth Empusa threat group is distributing the spyware by injecting code into fake and watering-hole pages.

How secure are open source libraries?

Seven in 10 applications have a security flaw in an open source library, highlighting how use of open source can introduce flaws, increase risk, and add to security debt, Veracode research reveals. Nearly all modern applications, including those sold…

Technologies in all layers of the cloud stack are at risk

As breaches and hacks continue, and new vulnerabilities are uncovered, secure coding is being recognized as an increasingly important security concept, and not just for back-room techies anymore, Accurics reveals. Cloud stack risk “Our report cl…

Eye-opening statistics about open source security, license compliance, and code quality risk

99% of commercial codebases contain at least one open source component, with open source comprising 70% of the code overall, according to Synopsys. Open source components and security More notable is the continued widespread use of aging or abandoned o…

Under The Hood Of Second Reality, PC Demoscene Landmark

In 1993, IBM PCs and clones were a significant but not dominant fraction of the home computer market. They were saddled with the stigma of boring business machines: lacking the Apple Macintosh’s polish, unable to match the Apple II’s software library, and missing Commodore’s audio/visual capabilities. The Amiga was the default platform …