Code review: How satisfied are development teams?

Code review remains the biggest influence on improving code quality with unit testing a distant second, a SmartBear survey reveals. With development teams getting larger and remaining remote, a tool-based code review process offers the best advantage, …

Open-source code: How to stay secure while moving fast

Open source has transformed the software world, tremendously reducing the cost of introducing new technology by enabling broad reuse across products and industries. However, organizations pulling their code from open source will often find themselves i…

Software supply chain attacks jumped over 300% in 2021

Software supply chain attacks grew by more than 300% in 2021 compared to 2020, according to a study by Argon Security. According to the study, researchers discovered attackers focused most heavily on open source vulnerabilities and poisoning, code inte…

Delivering vulnerable signed kernel drivers remains popular among attackers

ESET researchers took an in-depth look into the abuse of vulnerable kernel drivers. Vulnerabilities in signed drivers are mostly utilized by game cheat developers to circumvent anti-cheat mechanisms, but they have also been observed being used by sever…

[SANS ISC] Code Reuse In the Malware Landscape

I published the following diary on isc.sans.edu: “Code Reuse In the Malware Landscape”: Code re-use is classic behavior for many developers and this looks legit: Why reinvent the wheel if you can find some pieces of code that do what you are trying to achieve? If you publish a nice

The post [SANS ISC] Code Reuse In the Malware Landscape appeared first on /dev/random.

Shifting security further left: DevSecOps becoming SecDevOps

Veracode has revealed usage data that demonstrates cybersecurity is becoming more automated and componentized in line with modern software architectures and development practices. The analysis of 5,446,170 static scans and more than 310,000 apps over a…

How to implement security into software design from the get-go

Software professionals know that the working relationship between developers and security teams can be complicated. Most security professionals feel it’s part of a programmer’s role to write code securely, but most developers get next to no support to …

A Programming Language To Express Programming Frustration

Programming can be a frustrating endeavor. Certainly we’ve all had moments, such as forgetting punctuation in C or messing up whitespace in Python. Even worse, an altogether familiar experience is …

Putting the “sec” in DevSecOps: An overall reduction of risk

In this Help Net Security interview, Cindy Blake, Senior Security Evangelist at GitLab, talks about the importance of integrating security in DevSecOps and how to overcome the complexity of such integration. Security in DevOps is often being neglected….