Tag: software security
Eclipse Foundation Extends Scope and Reach of Open VSX Registry
Mike Vizard | | AI coding tools, application development, AWS, developer tools, digital sovereignty, encryption, exposed credentials, extension name spoofing, funding model, malicious pattern detection, multi-region architecture, namespace impersonation, rate limiting, security infrastructure, software security, Software Supply Chain, trusted environments.The Eclipse Foundation launches a new framework for the Open VSX Registry, enhancing security features and transitioning to a hybrid architecture. With support from AI tool provider Cursor, this initiative aims to ...
Will AI Kill the OSS Star?
Alan Shimel | | AI and OSS relationship, AI impact on open source, AI slop, AI-generated pull requests, apprenticeship model, coding ecosystem, collective understanding, community health, community interaction, custom code generation, documentation decline, economic shift, engagement drop, fragmentation risk, generative AI, licensing issues, long-term sustainability, open source challenges, open source maintenance, OSS market, software development trends, software security, standardization, technology evolution., vibe codingAs AI-driven development accelerates, open source software faces an uncomfortable paradox: Usage is rising while engagement, sustainability and community economics quietly erode. AI isn’t eliminating OSS, but it is reshaping how code ...
Secure By Design, Secure by Default
Julian Browne | | adaptive security, continuous improvement, continuous security, cyber resilience, devops, devops best practices, devsecops, dynamic systems, embedded security, enterprise compliance, incident response, modern software delivery, production monitoring, real-time security, secure by default, secure coding, secure-by-design, security governance, security in production, security strategy, security theatre, shift left security, software security, static analysis, threat modeling“Shift left” alone won’t secure software. Real security must be embedded continuously across design, development, and production—not just moved earlier ...
Qwiet AI Extends Microsoft Support in Platform for Fixing Vulnerabilities
Mike Vizard | | AI agents, AI coding tools, application security, AutoFix, Azure Boards, Azure DevOps, devsecops, github, SARIF, SAST, software security, Swift, vulnerability remediationQwiet AI extends its AI-driven application security platform with deeper Microsoft DevOps integrations, enhanced automation, and expanded AutoFix capabilities to proactively remediate code vulnerabilities ...
The Hidden Imperative in the UK’s Software Security Code: Provable Readiness
The challenge ahead is clear: Let’s not settle for minimum viable security. Let’s aim for resilient, trustworthy and demonstrably secure software that stands up to the threats of today and tomorrow. ...
Code Signing in the DevOps Era: Silver Bullet or Security Theater?
Aditya Gupta | | Anomaly Detection in DevOps, CI/CD, code signing, devsecops, key management, security automation, Software Bill of Materials (SBOM), software securityIn the race for speed and automation, code signing is treated as a silver bullet when it should be just one part of a deeper trust strategy. ...
Report Shines Spotlight on Open Source Software Security Challenges
An analysis of more than five million open-source software packages published by Lineaje, a provider of a platform for tracking open-source software components, finds 95% of security issues involve some type of ...
Survey Surfaces Steady Gains in DevSecOps Adoption
A survey of more than 500 DevOps practitioners finds less than half (47%) of respondents work for organizations that regularly employ best DevSecOps practices. Conducted by Techstrong Research, an arm of the ...
SBOM as a Cornerstone of Secure Software Development
By providing transparency into the software supply chain, an SBOM helps organizations identify and manage vulnerabilities in third-party and open-source components ...
No Country for No-Code: Are We Heading Towards a Wild West of Software Security?
Michael Burch | | application security, citizen developers, CVEs, Low Code, No Code, software securityThe specter of an untrained employee creating applications is alarming: No-code/low-code platforms empower employees with no application security knowledge to develop programs that security teams don’t know exist ...
Leveraging eBPF for DevSecOps
The applications for enhancing security observability with eBPF are vast, and it's increasingly valuable for DevSecOps use cases ...
Squaring the Circle: How to Make Public APIs Private
Many API attacks are effectively zero-day, novel attacks that exploit recent and unique changes to specific APIs. Here's how to stop them ...
