#threat-modeling

from InfoQ
2 days ago

What Testers Can Do to Ensure Software Security

A secure software development life cycle means baking security into plan, design, build, test, and maintenance, rather than sprinkling it on at the end, Sara Martinez said in her talk Ensuring Software Security at Online TestConf. Testers aren't bug finders but early defenders, building security and quality in from the first sprint. Culture first, automation second, continuous testing and monitoring all the way; that's how you make security a habit instead of a fire drill, she argued.
Software development
Artificial intelligence
from InfoQ
3 weeks ago

Trustworthy Productivity: Securing AI Accelerated Development

Treat all inputs in an agent's context (prompts, RAG documents, tool outputs, memory) as untrusted; enforce provenance, scoping, and expiry to prevent poisoning attacks.
Information security
from InfoWorld
2 months ago

OpenAI launches Aardvark to detect and patch hidden bugs in code

Aardvark integrates into development pipelines to provide continuous, automated vulnerability analysis, repository-wide threat modeling, and sandboxed exploit validation.
from The Hacker News
2 months ago

What AI Reveals About Web Applications - and Why It Matters

Before an attacker ever sends a payload, they've already done the work of understanding how your environment is built. They look at your login flows, your JavaScript files, your error messages, your API documentation, your GitHub repos. These are all clues that help them understand how your systems behave. AI is significantly accelerating reconnaissance and enabling attackers to map your environment with greater speed and precision.
Information security
Information security
from DevOps.com
3 months ago

The DevSecOps Career Path: What No One Tells You About Getting Started - DevOps.com

DevOps teams must integrate security into every stage of rapid development, developing skills to balance delivery speed with robust threat-aware practices.