Tag: secure code
Mobb Extends DevSecOps Reach of Tool to Generate Patches
Mobb added an ability to instantly surface patches for vulnerabilities at the time when code is being committed during a DevSecOps workflow ...
The Cyber Resilience Act Threatens the Future of Open Source
The EU is set to vote on the CRA July 19, 2023. Sonatype’s Brian Fox believes it’s a threat to the future of open source development ...
I Guess This is Growing Up: Devs and CISA’s Secure-by-Design Guidelines
With the downward pressure of a global recession, inflation and general post-pandemic turbulence underpinning disruption to multiple facets of life, it seems only fair that we in the IT, software and security ...
ReversingLabs Adds Ability to Detect Secrets in Application Binaries
ReversingLabs today announced it added an ability to detect secrets exposed in application binaries to its Software Supply Chain Security (SSCS) platform. Tomislav Peričin, chief software architect for ReversingLabs, said this addition ...
GitGuardian: 10M Exposed Secrets on GitHub
Mike Vizard | | GitGuardian, github, Secrets, secrets management, secure code, Software Supply ChainGitGuardian published an analysis of more than one billion commits to GitHub repositories that found 10 million occurrences of secrets, with one out of 10 developers exposing a secret. Mackenzie Jackson, a ...
Report Identifies Top 10 Open Source Software Risks
Endor Labs, a provider of a platform for managing open source software, published a report that classifies the top 10 open source software risks of 2023. The company published the list as ...
Benefits and Challenges of DevSecOps for Business
Almost every day, there is a new tactic or technique discovered that hackers can use to disrupt a company’s systems, obtain critical data and information or steal money. Often attackers look to ...
Rezilion Updates Open Source MI-X Tool to Better Secure App Development
Mike Vizard | | application security, Rezilion, secure code, Software Supply Chain, vulnerability scanningRezilion has updated its open source MI-X vulnerability discovery tool to include mitigation and remediation recommendations. In addition, the tool can now produce machine-readable output in either a JSON or CSV format ...
How SASE Can Ease DevSecOps Adoption
DevSecOps is a software development methodology that merges development (Dev), security (Sec) and operations (Ops) into one team that integrates security throughout the entire software development life cycle (SDLC). The goal is ...
Shift Left Testing in Microservices Environments
By now, it’s common knowledge that the later a bug is detected in the software development life cycle (SDLC), the longer it takes and the more expensive it is to fix that ...
Massive Number of Transitive Dependencies Traced to Open Source Code
An analysis of nearly 2,000 software packages published by Endor Labs found 95% of all application vulnerabilities can be traced back to a transitive dependency created when a developer used an open ...
How Devs Can Improve Open Source Security in the Enterprise
Modern applications are dynamic. They’re distributed and they’re often born in the cloud. These applications can be developed on the fly, spun up and scaled quickly to meet evolving user and market ...
