Articles about Development

Application Programming Interfaces (APIs), which act as the glue connecting systems and applications together, are now the number one attack target for cyber criminals. Attack methods have changed over recent years, however, prompting the OWASP API Security Project to revise its API Security Top 10 of attack types for 2023.

But do the tactics, techniques and procedures (TTPs) it covers still serve as a blueprint for defense? We spoke to Jason Kent, hacker in residence at Cequence Security, to find out if the top 10 is liable to see defenders take too narrow an approach.

Continue reading →

Today's application security landscape is complex and can lead to teams spending a lot of time hunting down vulnerabilities. Add in the move to cloud-based development and there's an even higher volume of code to deal with

We spoke to Shahar Man, CEO at Backslash Security, to learn more about what AppSec needs to look like in this world and how it ties in with greater use of the cloud.

Continue reading →

In today's increasingly digitally-centered organizations, the development of products, services, and solutions increasingly depends on the implementation of Application Programming Interfaces (APIs).

APIs have become the building blocks of modern business applications and are critical to digital transformation -- so much so that API security has become a boardroom issue.

Continue reading →

This year has seen twice as many software supply chain attacks as 2019-2022 combined and one in eight open source downloads today pose known and avoidable risks.

The latest State of the Software Supply Chain Report from Sonatype, which logged 245,032 malicious packages in 2023, also shows that 96 percent of vulnerabilities are still avoidable.

Continue reading →

Investments in DevOps automation are delivering significant benefits, including a 61 percent improvement in software quality, a 57 percent reduction in deployment failures, and a 55 percent decrease in IT costs.

However, a new survey from Dynatrace shows that just 38 percent of organizations have a clearly defined DevOps automation strategy.

Continue reading →

According to 800 developer (DevOps) and application security (SecOps) leaders surveyed, 97 percent are using GenAI technology today, with 74 percent saying they feel pressured to use it despite identified security risks.

The research from software supply chain management company Sonatype shows 45 percent of SecOps leads have already implemented generative AI into the software development process, compared to only 31 percent for DevOps.

Continue reading →

Most organizations have some level of legacy apps. These can be hard to maintain and inhibit initiatives like data sharing. But the modernization process is challenging due to staffing, tools, training, and other issues.

We spoke to EvolveWare CEO Miten Marfatia to find out how enterprise IT can ease this complex process and ensure they get it right.

Continue reading →

As developers look for ways to improve productivity they're moving away from 'no-code' offerings and have their sights set on serverless platforms to help bolster their 'low-code' solutions.

Serverless platforms take tasks like managing application resilience, performance, security and compliance away from developers, allowing them to focus on functionality and innovation. We spoke to Briana Frank, VP of product at IBM Cloud to find out more about how serverless will unlock the next era of low-code.

Continue reading →

Recent developments in generative AI have led to a good deal of debate around whether jobs are at risk. Since new AI applications like OpenAI Codex and Copilot can write code, developers could be among those under threat.

We spoke to Trisha Gee, lead developer evangelist at Gradle, to find out more about how AI is likely to change the way developers work.

Continue reading →

Concerns around supply chain security, partly driven by President Biden's Executive Order on Improving the US' Cybersecurity, are leading to increased adoption of software bills of materials (SBOM).

Research from Sonatype surveyed over 200 IT directors in the US and UK at businesses with over $50 million revenue and finds 76 percent of enterprises have adopted SBOMs since the order's introduction.

Continue reading →

Building products quickly to meet customer needs is more important than ever, especially as customer expectations continue to evolve. According to a recent study from Zendesk, 70 percent of consumers spend more with companies that offer fluid, personalized, and seamless customer experiences. For IT leaders, it’s not sufficient to focus on building things as required, their first focus needs to be on building the right thing. This means establishing a customer-centric product development process that supports discovering what customers really need and bringing a valuable product to market that meets their needs.

The most effective way to bring customer-centric products to market is to develop them incrementally and iteratively, with experimentation to discover how to best fulfill customer needs and with fast feedback to improve the quality of the product.

Continue reading →

New research shows 52 percent of the top 100 AI open source projects on GitHub reference known vulnerable open source software packages.

The report from Endor Labs explores emerging trends that software organizations need to consider as part of their security strategy, and risks associated with the use of existing open source software (OSS) in application development.

Continue reading →

Microsoft and Leapwork are partnering to deliver test automation to Microsoft Dynamics 365 and Microsoft Power Platform users.

Leapwork's platform uses an AI-powered, visual, codeless system that makes it easy for non-technical, everyday business users to build and maintain test automation. This allows continuous, end-to-end testing across applications, minimizing the risk of disruptions during monthly software updates and supporting the delivery of quality software.

Continue reading →

The popular database MySQL version 5.7 hits end of life status on the 31st of October 2023, just a few months away.

This means organizations that are running MySQL 5.7 will have to plan ahead on their options for the future. Dave Stokes, technology evangelist at Percona, spoke to us about some of the choices that will need to be made as well as how to get started on the process.

Continue reading →

Among governance, risk, and compliance (GRC) professionals responding to a new survey, 69 percent say that deploying a GRC platform that doesn't need developer support would improve their role.

The study from Onspring finds that a worrying 73 percent of respondents still needed a developer to update and administer their GRC programs, indicating a clear need for technologies that don't require developer input.

Continue reading →