Are you planning ahead for the MySQL 5.7 end of life? [Q&A]


The popular database MySQL version 5.7 hits end of life status on the 31st of October 2023, just a few months away.
This means organizations that are running MySQL 5.7 will have to plan ahead on their options for the future. Dave Stokes, technology evangelist at Percona, spoke to us about some of the choices that will need to be made as well as how to get started on the process.
Compliance professionals want no-code platform solutions


Among governance, risk, and compliance (GRC) professionals responding to a new survey, 69 percent say that deploying a GRC platform that doesn't need developer support would improve their role.
The study from Onspring finds that a worrying 73 percent of respondents still needed a developer to update and administer their GRC programs, indicating a clear need for technologies that don't require developer input.
Java retains its popularity in a changing landscape


The Java programming language dates back to 1996, released by Sun Microsystems as a way of developing multimedia applications in a portable and interactive way.
That Java is still immensely popular almost 30 years on suggests that it must have got something right. New Relic's 2023 State of the Java Ecosystem report takes an in-depth look at the use of one of the most popular programming languages.
86 percent of developers knowingly deploy vulnerable code


According to a new study, 86 percent of software developers and AppSec managers surveyed have or know someone who has knowingly deployed vulnerable code.
What's more, the study from Checkmarx shows 88 percent of AppSec managers surveyed have experienced at least one breach in the last year as a direct result of vulnerable application code.
Vulnerability management made harder by complex supply chains


New research reveals that CISOs are finding it increasingly difficult to keep their software secure as hybrid and multicloud environments become more complex, and teams continue to rely on manual processes that make it easier for vulnerabilities to slip into production.
The study from Dynatrace shows 68 percent of CISOs say vulnerability management is more difficult because the complexity of their software supply chain and cloud ecosystem has increased.
Record number of software security flaws uncovered in 2022


A record 26,448 software security flaws were reported by CISA last year, with the number of critical vulnerabilities (CVEs) up 59 percent from 2021 at 4,135.
The 2023 Annual Threat Intelligence Report, from the Deepwatch Adversary Tactics and Intelligence (ATI) team, also shows that the conflict between Ukraine and Russia has unleashed a flurry of amateur and state-sponsored attacks and breaches on organizations and critical infrastructure.
New tool makes it easier to manage machine identities


Thanks to increased cloud and container use there's a growing demand for machine identities, but delivering and managing those identities can present problems.
Machine ID specialist Venafi is launching a new tool called Firefly that enables security teams to easily and securely meet developer-driven machine identity management requirements for cloud native workloads by issuing machine identities, such as TLS and SPIFFE, locally and quickly across any environment.
Guarding against supply chain attacks [Q&A]


In recent years supply chain attacks have become much more commonplace, targeting vulnerabilities and getting legitimate apps to distribute malware.
We spoke to Nir Valtman, CEO and founder at Arnica, to discuss the issues these attacks raise and how organizations can defend against them.
Integrating security into the development process [Q&A]


Historically, security has been treated as something of an afterthought in the IT industry. In more recent years, though, there has been pressure to introduce 'security by design' to ensure that products are developed with best practices in mind.
We spoke to David Melamed, CTO of Jit, to find out about integrating security and how security tools can be used by developers, not just security professionals.
Are you sure about this? Confidence in modernization projects drops as they progress


When preparing for modernization, 70 percent of companies are confident or very confident in their understanding of their applications.
However, a new report from EvolveWare shows the high confidence level drops as companies plan their modernization project (41 percent) and begin their project (28 percent), suggesting that organizations only start to understand the level of knowledge needed for these efforts after they are further into their planning or execution.
New solution helps to visualize cloud-native app risks


With more and more organizations turning to the cloud and cloud-native application development, AppSec teams face a mounting challenge to keep pace with their development counterparts.
To address this, Backslash Security is launching a new solution to provide unified code and cloud-native security by correlating cloud context to code risk, backed by automated threat modeling, code risk prioritization, and simplified remediation across applications and teams.
How IBM and AWS are driving innovation in the cloud [Q&A]


As we reported at the end of last year, IBM and AWS have extended their collaboration, making IBM software products available as Software-as-a-Service (SaaS) on the AWS Marketplace.
We spoke to Judah Bernstein, CTO, AWS strategic partnership at IBM, to find out more about how the collaboration works and what it means for customers and Ecosystem partners.
New platform helps uncover vulnerable secrets


Complex software today includes components that rely on digital authentication credentials commonly referred to as secrets, which include tools such as login credentials, API tokens, and encryption keys. While critical for the software to function, managing secrets across every component of code is a challenge that can result in secrets being left vulnerable.
Supply chain security company ReversingLabs is launching a new secrets detection feature within its Software Supply Chain Security (SSCS) platform.
Wanna know a secret? Ask a developer


Secrets are not just login credentials and personal data; they securely hold together the components of the modern software supply chain, from code to the cloud. And because of the leverage they provide they are much sought-after by hackers.
However, many breaches that occurred in 2022 show how inadequate the protection of secrets is. Research from automated detection specialist GitGuardian finds that one in 10 code authors exposed a secret in 2022.
Free scanning service helps companies build an up-to-date SBOM


As developers increasingly rely on open source components in their projects, knowing which have been used is a key part of being able to identify updates and potential threats. This is where a software bill of materials (SBOM) is essential.
Application security testing and software research services company GrammaTech is launching a no cost SBOM service, alongside a new version of its CodeSentry software composition analysis (SCA) tool.
© 1998-2025 BetaNews, Inc. All Rights Reserved. Privacy Policy - Cookie Policy.