by Azalio tdshpsk | Mar 20, 2024 | Security
GitHub is previewing code scanning autofix, a feature that combines its GitHub Copilot AI assistant with its CodeQL code scanner to provide suggested fixes to discovered vulnerabilities. Code scanning autofix is available in a public beta to GitHub Advanced Security...
by Azalio tdshpsk | Mar 20, 2024 | Security
In JFrog’s just-released Software Supply Chain State of the Union 2024 report, the software supply chain platform provider found extensive use of AI and machine learning tools for security. However, only one in three software developers the company surveyed use...
by Azalio tdshpsk | Mar 18, 2024 | Security
C++ creator Bjarne Stroustrup has defended the widely used programming language in response to a Biden administration report that calls on developers to use memory-safe languages and avoid using vulnerable ones such as C++ and C. In a March 15 response to an inquiry...
by Azalio tdshpsk | Mar 14, 2024 | Security
Frank Crane wasn’t talking about open source when he famously said, “You may be deceived if you trust too much, but you will live in torment if you don’t trust enough.” But that’s a great way to summarize today’s gap between how open source is actually being consumed,...
by Azalio tdshpsk | Mar 13, 2024 | Security
The US federal government has released a software attestation form intended to ensure that software producers partnering with the government leverage minimum secure development techniques and tool sets. The form was announced March 11 by the Department of Homeland...
by Azalio tdshpsk | Mar 12, 2024 | Security
JetBrains has released fixes for two critical security vulnerabilities in its TeamCity On-Premises CI/CD system discovered by cybersecurity company Rapid7. The two vulnerabilities reported in late February by Rapid7 would enable an authenticated attacker with HTTP(S)...