IT Security
White House to Spend $11 Million to Study Open Source Software Use
Hardening the security around open source software has been a key part of the White House’s larger cybersecurity efforts since President Biden released his executive order for improving the United States’ security ...
Does More Money Improve Open Source Security?
It sounds simple: If you pay developers more money they'll improve the quality and security of their code. The evidence isn't so clear ...
OpenSSF Warns of Open Source Social Engineering Threats
Linux dodged a bullet. If the XZ exploit had gone undiscovered for only a few more weeks, millions of Linux systems would have been compromised with a backdoor. We were lucky. But ...
Securing Open Source Software, the Cyber Resilience Act Way
The Eclipse Foundation is spearheading an effort to create a unified framework for secure software development ...
Your AI Might be Lying to You
Simple tests can demonstrate whether a code generator is actually doing what you ask ...
AISecOps: Expanding DevSecOps to Secure AI and ML
AISecOps, the application of DevSecOps principles to AI/ML and generative AI, means integrating security into models' life cycles ...
Cycode Acquires Bearer to Extend ASPM Platform
Cycode has acquired Bearer, a provider of a set of tools for SAST, API discovery and identification of sensitive data ...
Survey Sees Limited DevSecOps Progress Being Made as Vulnerabilities Mount
A recent survey found that, on average, organizations have 55.5 security vulnerabilities each day in their remediation queue, with at least one critical ...
Securing the DevOps Pipeline: Tools and Best Practices
Because of the critical nature of the DevOps pipeline, security is becoming a top priority. Here's how to integrate DevSecOps ...
Why DevOps is Key to Software Supply Chain Security
Organizations can maintain their DevOps momentum while protecting the software supply chain by shifting security left ...
Cycode Brings Generative AI to App Security Posture Management
Cycode's generative AI capabilities in its ASPM platform make it simpler for DevSecOps teams to identify the root cause of vulnerabilities ...
ReversingLabs Applies AI to Better Secure Application Binaries
ReversingLabs launched a binary analysis tool that uses machine learning algorithms to identify risks before and after apps are deployed ...