Articles about Development

Supply chain worries drive adoption of SBOMs

Concerns around supply chain security, partly driven by President Biden's Executive Order on Improving the US' Cybersecurity, are leading to increased adoption of software bills of materials (SBOMs).

Research from Sonatype, which surveyed over 200 IT directors in the US and UK at businesses with over $50 million in revenue, finds that 76 percent of enterprises have adopted SBOMs since the order's introduction.

Five ways to reshape the customer-centric product development process

Building products quickly to meet customer needs is more important than ever, especially as customer expectations continue to evolve. According to a recent study from Zendesk, 70 percent of consumers spend more with companies that offer fluid, personalized, and seamless customer experiences. For IT leaders, it's not sufficient to focus on building things as required; their first focus needs to be on building the right thing. This means establishing a customer-centric product development process that supports discovering what customers really need and bringing a valuable product to market that meets their needs.

The most effective way to bring customer-centric products to market is to develop them incrementally and iteratively, with experimentation to discover how to best fulfill customer needs and with fast feedback to improve the quality of the product.

Over half of AI open source projects contain vulnerabilities

New research shows 52 percent of the top 100 AI open source projects on GitHub reference known vulnerable open source software packages.

The report from Endor Labs explores emerging trends that software organizations need to consider as part of their security strategy, and risks associated with the use of existing open source software (OSS) in application development.

Leapwork and Microsoft partner to deliver AI-powered test automation

Microsoft and Leapwork are partnering to deliver test automation to Microsoft Dynamics 365 and Microsoft Power Platform users.

Leapwork's platform uses an AI-powered, visual, codeless system that makes it easy for non-technical, everyday business users to build and maintain test automation. This allows continuous, end-to-end testing across applications, minimizing the risk of disruptions during monthly software updates and supporting the delivery of quality software.

Are you planning ahead for the MySQL 5.7 end of life? [Q&A]

The popular database MySQL version 5.7 hits end of life status on the 31st of October 2023, just a few months away.

This means organizations that are running MySQL 5.7 will have to plan ahead on their options for the future. Dave Stokes, technology evangelist at Percona, spoke to us about some of the choices that will need to be made as well as how to get started on the process.

Compliance professionals want no-code platform solutions

Among governance, risk, and compliance (GRC) professionals responding to a new survey, 69 percent say that deploying a GRC platform that doesn't need developer support would improve their role.

The study from Onspring finds that a worrying 73 percent of respondents still needed a developer to update and administer their GRC programs, indicating a clear need for technologies that don't require developer input.

Java retains its popularity in a changing landscape

The Java programming language dates back to 1996, released by Sun Microsystems as a way of developing multimedia applications in a portable and interactive way.

That Java is still immensely popular almost 30 years on suggests that it must have got something right. New Relic's 2023 State of the Java Ecosystem report takes an in-depth look at the use of one of the most popular programming languages.

86 percent of developers knowingly deploy vulnerable code

According to a new study, 86 percent of software developers and AppSec managers surveyed have knowingly deployed vulnerable code or know someone who has.

What's more, the study from Checkmarx shows 88 percent of AppSec managers surveyed have experienced at least one breach in the last year as a direct result of vulnerable application code.

Vulnerability management made harder by complex supply chains

New research reveals that CISOs are finding it increasingly difficult to keep their software secure as hybrid and multicloud environments become more complex, and teams continue to rely on manual processes that make it easier for vulnerabilities to slip into production.

The study from Dynatrace shows 68 percent of CISOs say vulnerability management is more difficult because the complexity of their software supply chain and cloud ecosystem has increased.

Record number of software security flaws uncovered in 2022

A record 26,448 software security flaws were reported by CISA last year, with the number of critical vulnerabilities (CVEs) up 59 percent from 2021 at 4,135.

The 2023 Annual Threat Intelligence Report, from the Deepwatch Adversary Tactics and Intelligence (ATI) team, also shows that the conflict between Ukraine and Russia has unleashed a flurry of amateur and state-sponsored attacks and breaches on organizations and critical infrastructure.

New tool makes it easier to manage machine identities

Thanks to increased cloud and container use, there's a growing demand for machine identities, but delivering and managing those identities can present problems.

Machine ID specialist Venafi is launching a new tool called Firefly that enables security teams to easily and securely meet developer-driven machine identity management requirements for cloud native workloads by issuing machine identities, such as TLS and SPIFFE, locally and quickly across any environment.

Guarding against supply chain attacks [Q&A]

In recent years supply chain attacks have become much more commonplace, targeting vulnerabilities and getting legitimate apps to distribute malware.

We spoke to Nir Valtman, CEO and founder at Arnica, to discuss the issues these attacks raise and how organizations can defend against them.

Integrating security into the development process [Q&A]

Historically, security has been treated as something of an afterthought in the IT industry. In more recent years, though, there has been pressure to introduce 'security by design' to ensure that products are developed with best practices in mind.

We spoke to David Melamed, CTO of Jit, to find out about integrating security and how security tools can be used by developers, not just security professionals.

Are you sure about this? Confidence in modernization projects drops as they progress

When preparing for modernization, 70 percent of companies are confident or very confident in their understanding of their applications.

However, a new report from EvolveWare shows the high confidence level drops as companies plan their modernization project (41 percent) and begin their project (28 percent), suggesting that organizations only start to understand the level of knowledge needed for these efforts after they are further into their planning or execution.

New solution helps to visualize cloud-native app risks

With more and more organizations turning to the cloud and cloud-native application development, AppSec teams face a mounting challenge to keep pace with their development counterparts.

To address this, Backslash Security is launching a new solution to provide unified code and cloud-native security by correlating cloud context to code risk, backed by automated threat modeling, code risk prioritization, and simplified remediation across applications and teams.

BetaNews, your source for breaking tech news, reviews, and in-depth reporting since 1998.

© 1998-2025 BetaNews, Inc. All Rights Reserved.