Java services are the most-impacted by third-party vulnerabilities, according to the “State of DevSecOps 2024” report just released by cloud security provider Datadog. Released on April 17...
As of the first quarter of 2024, 83% of developers were involved in devops -related activities such as performance monitoring, security testing, or CI/CD , according to the State of CI/CD Report ...
Modern software applications are underpinned by a large and growing web of APIs , microservices , and cloud services that must be highly available, fault tolerant, and secure. The underlying net...
The Rust language team has published a point release of Rust to fix a critical vulnerability to the standard library that could benefit an attacker when using Windows. Rust 1.77.2 , published...
Synopsys has introduced Black Duck Supply Chain Edition , a software composition analysis (SCA) package that helps organizations mitigate upstream risk in software supply chains, including from ...
Parasoft has launched a tool to enhance safety testing for C and C++ applications. The tool comes at a time when the two venerable programming languages have come under fire over safety concerns...
The Eclipse Foundation announced that it is partnering with the Apache Software Foundation and other open source foundations to establish common specifications for secure software development bas...
Over the past decade, Rust has emerged as a language of choice for people who want to write fast, machine-native software that also has strong guarantees for memory safety. Other languages, li...
https://www.infoworld.com/article/3714925/rust-memory-safety-explained.html#tk.rss_security
2023 has been a breakout year for developers and generative AI . GitHub Copilot graduated from its technical preview stage in June 2022, and OpenAI released ChatGPT in November 2022. Just 18 mo...
The key benefits of platform engineering are increased developer productivity, better quality of software, reduced lead time for deployment, and more stable applications, according to Puppet by P...
The benefits of developing software in the cloud include increased flexibility and reliability, greater efficiency, and reduced costs. But cloud-based development also presents a host of challe...
Java Development Kit (JDK) 22 , released by Oracle March 19 as the latest version of standard Java, offers a number of security enhancements, covering areas ranging from an asymmetric key interfa...
https://www.infoworld.com/article/3714769/java-22-brings-security-enhancements.html#tk.rss_security
GitHub is previewing code scanning autofix, a feature that combines its GitHub Copilot AI assistant with its CodeQL code scanner to provide suggested fixes to discovered vulnerabilities. Code sca...
In JFrog’s just-released Software Supply Chain State of the Union 2024 report, the software supply chain platform provider found extensive use of AI and machine learning tools for security. H...
The internet of things (IoT) has transformed the way we interact with the world, connecting a myriad of devices to the internet, from smart thermostats in our homes to industrial sensors in manu...
C++ creator Bjarne Stroustrup has defended the widely used programming language in response to a Biden administration report that calls on developers to use memory-safe languages and avoid using...
Frank Crane wasn’t talking about open source when he famously said, “You may be deceived if you trust too much, but you will live in torment if you don’t trust enough.” But that’s a ...
https://www.infoworld.com/article/3714445/open-source-is-not-insecure.html#tk.rss_security
The US federal government has released a software attestation form intended to ensure that software producers partnering with the government leverage minimum secure development techniques and too...
JetBrains has released fixes for two critical security vulnerabilities in its TeamCity On-Premises CI/CD system discovered by cybersecurity company Rapid7. The two vulnerabilities reported i...
Cloudflare has announced the development of Firewall for AI, a protection layer that can be deployed in front of large language models (LLMs) that promises to identify abuses before they reach ...
https://www.infoworld.com/article/3713283/cloudflare-announces-firewall-for-ai.html#tk.rss_security