The NSA urged developers and organizations to switch to memory-safe languages to address memory safety issues responsible for most exploitable vulnerabilities. Microsoft and Google attribute 70% of some of their product vulnerabilities to software memory safety issues.
Kubernetes security directly impacts development work. The agility offered by container orchestration quickly diminishes when security challenges impede build and deployment workflows. Any security weaknesses in production environments can – and almost certainly will – lead to data breaches.
Shadow code may pose a serious supply chain risk. Sampling 4,300 websites and applications ranked by traffic, researchers discovered that each website had an average of 12 third-party scripts and three fourth-party scripts.
The Codecov supply chain attack remained undetected for months and likely affected Google, IBM, HP, and others. Hackers stole user data from the company’s continuous integration environment.
A Ponemon and WhiteSource report on application security indicates that most large enterprise-scale organizations feel that their portfolio of applications has become more vulnerable recently.
No-code and low-code are undoubtedly being touted as the next big thing by the tech industry. Despite all the hype, we shouldn’t lose focus on the biggest barrier to adoption: security.
Source code of software belonging to over 50 high-profile companies was made available online due to misconfiguration of their software development platforms.
Development automation needs to shift from an almost exclusively technical automation-for-speed perspective to a more business-centric perspective of automation-for-balance.
The use of DevSecOps methodology will enable any software organization to stay ahead of data security while rolling out their products efficiently and quickly.
An API that provides a list of Android apps installed on a device may allow advertisers to fingerprint users' demographic information and track what they access on the internet.