Please turn on your JavaScript for this page to function normally.
bot
Repairnator bot finds software bugs, successfully submits patches

Can a bot create valid, high-quality fixes for software bugs more rapidly than a human can, and get them accepted by human developers and permanently merged in the code base? …

circle
Cybersecurity as catalyst for greater adoption of agile development

Agile development increases the output of software development projects by using a faster, more iterative engineering process. This pace also allows rapid course correction, …

GitHub
GitHub adds Python support for security alerts

GitHub has announced that its recently introduced feature for alerting developers about known vulnerabilities in software packages that their projects depend on will now also …

Hand
Zip Slip vulnerability affects thousands of projects

An arbitrary file overwrite vulnerability that can be exploited by attackers to achieve code execution on a target system affects a myriad of projects and multiple ecosystems, …

DevSecOps
Devs know application security is important, but have no time for it

Sonatype polled 2,076 IT professionals to discover practitioner perspectives on evolving DevSecOps practices, shifting investments, and changing perceptions, and the results …

alert
GitHub starts alerting developers of security vulnerabilities in dependencies

Popular Git repository hosting service GitHub has introduced a new feature to help developers keep their projects safer: security alerts for vulnerabilities in software …

Stack Overflow
Secure coding in Java: Bad online advice and confusing APIs

For programmers and software developers, the Internet forums provide a great place to exchange knowledge and seek answers to concrete coding conundrums. Alas, they are not …

LabVIEW
Cisco unveils LabVIEW code execution flaw that won’t be patched

LabVIEW, the widely used system design and development platform developed by National Instruments, sports a memory corruption vulnerability that could lead to code execution. …

bomb
Another Ukrainian software maker’s site compromised to spread malware

The web server of Crystal Finance Millennium, a Ukraine-based accounting software firm, has been compromised and made to host different types of malware. The discovery of the …

fuzzing
Microsoft opens fuzz testing service to the wider public

Microsoft Security Risk Detection, a cloud-based fuzz testing service previously known under the name Project Springfield, is now open to all and sundry. Fuzz testing (i.e. …

GnuPG
GnuPG developers start new fundraising effort

Werner Koch and his team of GnuPG developers are asking for funding for the continued development of the popular free email and data encryption software. What is GnuPG, and …

architecture
Introducing security into software through APIs

Application programming interfaces (APIs) can make life easier for software developers, allowing them to concentrate on what they do best and preventing them from being forced …

Don't miss

Cybersecurity news