#software-security

from DevOps.com
3 weeks ago

SBOMs Are Not Enough - DevOps.com

SBOM is essential for effective software composition analysis to manage vulnerabilities in third-party components.
#cybersecurity
from DevOps.com
3 weeks ago
Digital life

The Hidden Imperative in the UK's Software Security Code: Provable Readiness - DevOps.com

from IT Pro
3 weeks ago

Developers face a torrent of malware threats as malicious open source packages surge 188%

"Attackers are no longer simply experimenting with open source. The numbers are telling us that threat actors have identified data as the most profitable target, and developers as the easiest way in."
Privacy technologies
DevOps
from Vuejobs
1 month ago

Intermediate Fullstack Engineer (Ruby/vue.js), Software Supply Chain Security: Pipeline Security at GitLab

GitLab emphasizes collaborative software development to enhance organizational security and efficiency through AI-driven innovation.
Artificial intelligence
from IT Pro
1 month ago

AI-generated code is in vogue: Developers are now packing codebases with automated code - but they're overlooking security and leaving enterprises open to huge risks

The rise of AI in development is leading to codebases that are predominantly AI-generated.
from IT Pro
2 months ago

Shifting left might improve software security, but developers are becoming overwhelmed - communication barriers, tool sprawl, and 'vulnerability overload' is causing serious headaches for development teams

"Everyone talks about shifting left, but few are seeing the security gains they expected. Most organizations have tools in place, but they still struggle with noise, process friction, and developer resistance."
Software development
#devsecops
Artificial intelligence
from Hackernoon
2 years ago

Code Smell 300 - Package Hallucination | HackerNoon

Avoid hallucinated packages that compromise security and stability.
Implement robust validation to counter risks of AI-generated dependencies.
#ai
Artificial intelligence
from IT Pro
3 months ago

Want to supercharge your vibe coding skills? Here are the best AI models developers can use to generate secure code

Vibe coding poses risks as AI-generated code often lacks adequate security measures, leading to vulnerabilities.
Artificial intelligence
from DevOps.com
3 months ago

AI-Generated Code Packages Can Lead to 'Slopsquatting' Threat - DevOps.com

AI hallucinations can lead to incorrect or made-up package recommendations, posing security risks for software developers.
Software development
from DevOps.com
3 months ago

Report: Commercial Software Just as Vulnerable as Open Source - DevOps.com

Commercial software is as vulnerable as open-source code, highlighting the need for improved security measures.
Numerous risks exist in widely used applications, raising concerns for developers and security teams.
Software development
from DevOps.com
5 months ago

Black Duck Analysis Surfaces Raft of Open Source Software Vulnerabilities in Code Bases - DevOps.com

A significant majority of commercial codebases contain high-risk open-source vulnerabilities; proactive testing is crucial for software security.
DevOps
from DevOps.com
5 months ago

Endor Labs Extends Microsoft SCA Alliance to GitHub - DevOps.com

Endor Labs and GitHub's partnership enhances software vulnerability management directly within DevOps workflows.
The integration streamlines the discovery and remediation of vulnerabilities in the development process.
from Securitymagazine
7 months ago

U.S. is the top generator of anonymous open source contributions

A new report indicates that the United States and Russia lead in open source project contributions globally, highlighting critical vulnerabilities in the software supply chain.
Information security
from TechRepublic
8 months ago

Software Makers Encouraged to Stop Using C/C++ by 2026

The Product Security Best Practices report emphasizes that software manufacturers should abandon memory-unsafe programming languages, particularly C/C++, to minimize risks associated with national security.
Information security
from CodeProject
10 months ago

(Non-)Nullable Reference Types

Nullable reference types in C# mislead by focusing on non-nullable variables rather than explicitly clarifying type distinctions.
The implementation of nullable reference types creates confusion and potential security vulnerabilities in C# applications.