While 83 percent of IT decision makers say their organizations are implementing DevOps practices, many have stalled at a mid-stage of evolution.

A report from infrastructure automation company Puppet shows that it isn't technology but rather cultural blockers which remain the biggest hurdle to reaching DevOps maturity.

Continue reading →

Software supply chain attacks like that on SolarWinds have become more of a threat in recent months. But when it comes to defending against them businesses can't decide who is responsible according to a new report.

The study from machine identity management company Venafi is based on the opinions of over 1,000 information security professionals, developers and executives in the IT and software development industries.

Continue reading →

Internet of things devices pose a number of challenges for developers, not least security issues and having to work with limited hardware capability.

We talked to François Baldassari of connected device specialist Memfault to find out why it may be better if IoT device developers and engineers were to have the kinds of DevOps tools that only software teams have traditionally had access to.

Continue reading →

A new study from IT services provider Advanced shows 89 percent of large enterprises worldwide are worried they won't have access to the right IT talent to maintain and manage their legacy systems.

But the skill to modernize these systems are also scarce. Almost two-fifths (37 percent) of senior professionals -- including CIOs and Heads of IT -- admit their modernization programs have failed because they lack the depth and breadth of skills required for newer technologies like the Cloud. In addition 38 percent blame a lack of planning for the success of modernization projects.

Continue reading →

Demand for connected devices is causing a severe developer skills shortage and a crisis in wellbeing as developers come under increasing pressure.

New research for the Qt Company, carried out by Forrester Consulting, finds 75 percent of connected device manufacturers say that demand is outstripping supply. At the same time 65 percent are worried about the wellbeing of their developers.

Continue reading →

Site reliability engineering (SRE), SecOps and developer teams are all supposed to be on the same side.

But mismatches in incentives between these groups can lead to challenges surrounding how and what information is shared across siloed teams. This creates a hazard where one team can shift deployment risk to another team, with no accountability back to the originating team.

Continue reading →

According to new research 96 percent of data teams are operating at or over capacity, thanks to a surge in demand for data pipelines.

The study by data engineering company Ascend.io shows 93 percent of respondents anticipate the number of data pipelines in their organization increasing between now and the end of the year, with 56 percent predicting the number to increase by more than 50 percent.

Continue reading →

Last week's official release of the final build of the Linux-style Windows Package Manager by Microsoft was met with great excitement from the community. But the company seems to have only belatedly spotted an issue with its Store alternative.

The problem is that the Windows Package Manager Manifest Creator tool makes it incredibly simple to submit new package to the repository. This has results in complaints that "people are submitting bad or duplicate manifests without checking if the app already exists or not"; Microsoft has come up with a vey hands-on solution.

Continue reading →

Enterprise cloud developers believe open source will be key to the future of their organizations, as businesses look to restart growth post-pandemic.

Research from Finnish software company Aiven surveyed 200 UK developers in large companies and shows that 90.5 percent say open source will be a part of the future of their organizations.

Continue reading →

Thanks to the coronavirus pandemic, Google cancelled its I/O developer conference last year, but it returns as a virtual event for 2021 and you can watch it right here today.

We’re expecting Google to show off Android 12, the next update for its mobile operating system, as well as cover other Google services, like Google Assistant and its range of Home/Nest smart devices.

Continue reading →

A new study shows that 81 percent of development teams have knowingly pushed vulnerable code live, with 20 percent of senior managers even admitting to doing so often.

The report from Immersive Labs based on work by Osterman Research shows low confidence in application security in general, with only half of CISOs believing secure applications could be developed and just 44 percent of all security teams believing their company could withstand a SolarWinds style attack on their build environment.

Continue reading →

The transition to agile development, the rise of microservices, and an increased reliance on cloud services for business operations due to the pandemic have all contributed to an explosion in software development and a dramatic reduction in software delivery time.

But as the speed and complexity of application development skyrockets, application security professionals increasingly find themselves unable to keep up. Silicon Valley startup ArmorCode has produced a next-generation application security solution that consolidates three key AppSec needs into a single intelligent platform and it's raised $3 million in seed financing to develop it further.

Continue reading →

Despite the fact that third party code in IoT projects has grown 17 percent in the past five years, only 56 percent of OEMs have formal policies for testing security.

A report from security testing and software research company GrammaTech, based on findings from a VDC Research survey, reveals that this is despite 73.6 percent of respondents saying security is important, very important or critical.

Continue reading →

Microsoft has released a public preview of new APIs for Microsoft Graph that give system administrators, developers and professionals fine-grain control over updates for Windows 10.

The new APIs are powered by the Windows Update for Business deployment service and allow for greater management of update deployment in various environments. Control over the installation of Windows 10 updates is something that administrators and regular users alike have long craved, but it is something that has been made all the more important this year following the release of a seemingly endless string of problematic updates.

Continue reading →

Recent high-profile supply chain attacks such as SolarWinds have highlighted how vulnerable the software development pipeline can be.

To find out more about why the CI/CD pipeline is particularly vulnerable to attacks and what can be done to prevent them, we spoke to Vickie Li, developer evangelist at ShiftLeft, which has just launched a new product, ShiftLeft CORE, aimed at reducing risk to the software code base.

Continue reading →