Microsoft Releases the Source Code You Wanted Almost 30 Years Ago

In the late 1970s and early 1980s, if you had a personal computer there was a fair chance it either booted into some version of Microsoft Basic or you could load and run Basic. There were other versions, of course, especially for very small computers, but the gold standard for …

How to prevent azure pipelines (yaml) from being used as an attack vector?

Let’s say the following scenario exists:

A git repository exists on Azure DevOps Repos.
The repository uses yaml pipelines (azure-pipelines.yml).
The repository has branch policies to ensure that changes go through pull requests.
The bui…

Are there any c# .net free software composition analysis tools to check opensource component used and its vulnerabilities and license [closed]

I have a situation where I have to analyse the third-party components\libraries used in the code, within the license terms and with no known vulnerabilities.

I know there are tools named blackduck and whitesource which can meet the expectation, but w…

What is the difference between "secure code review" and "secure static code analysis"?

What are the subtle differences in both – as one could say that both are almost the same…

Static Code Analysis (also known as Source Code Analysis) is usually performed as part of a Code Review (also known as white-box testing)

Does removing features from a library increase or reduce security risks?

Software libraries targeting resource-constrained environments like embedded systems use conditional compilation to allow consumers to shave space and thus increase performance by removing unused features from the final binaries distribut…

How am I ever going to be able to "vet" 120,000+ lines of Composer PHP code not written by me?

I depend on PHP CLI for all kinds of personal and (hopefully, soon) professional/mission-critical “business logic”. (This could be any other language and the exact same problem would still stand; I’m just stating what I perso…