How clean code can help developers prevent vulnerabilities [Q&A]
Every year, thousands of code vulnerabilities are discovered, patched and publicly disclosed to improve security for current and potential users.
But many of these vulnerabilities share common features, so what can developers do to write better code that prevents vulnerabilities from entering their apps and services in the first place? We talked to Johannes Dahse, head of R&D at clean code specialist SonarSource, to find out.
Over 80 percent of companies have had cloud security incidents in the last year
According to a new report 81 percent of organizations have experienced a cloud-related security incident over the last 12 months, with almost half (45 percent) suffering at least four incidents.
The findings, from machine identity management specialist Venafi, reveal that the underlying issue for these security incidents is a dramatic increase in security and operational complexity connected with cloud deployments.
Digital transformation delays cost businesses millions
Digital transformation is still seen as a priority by many enterprises, but research for low-code application development platform, Toca, reveals the extent of the challenges faced by IT teams in delivering these projects.
Budget constraints, a lack of collaboration across the wider business, legacy systems, a shortage of developers and integration challenges are seen as the top five barriers to transformation initiatives.
Firms act to beef up software supply chain security
New data reveals a significant increase in activities to secure open source components and integrate security into developer toolchains in order to protect the software supply chain.
The 13th edition of the Building Security In Maturity Model (BSIMM) report from Synopsys analyzes the software security practices of 130 organizations -- including Adobe, PayPal and Lenovo -- in their efforts to secure more than 145,000 applications built and maintained by nearly 410,000 developers.
Three-quarters of organizations have suffered an API security incident in the last year
Over three-quarters (76 percent) of respondents in a new survey have suffered an API security incident in the last 12 months, primarily caused by dormant/zombie APIs, authorization vulnerabilities, and web application firewalls.
The research from Noname Security also shows that 74 percent of cybersecurity professionals don’t have a complete API inventory or know which APIs return sensitive data.
Vulnerability backlogs are too time-consuming to address
Organizations are losing thousands of hours in time and productivity dealing with a massive backlog of vulnerabilities that they have neither the time nor the resources to tackle effectively, according to a new report.
The State of Vulnerability Management in DevSecOps report from vulnerability management platform Rezilion and the Ponemon Institute, shows 47 percent of security leaders report that they have a backlog of applications that have been identified as vulnerable.
New tool helps businesses balance innovation and reliability
Many companies are currently undertaking digital transformation projects, but while customers are quick to embrace the benefits of a customer experience reshaped by technology they have little patience when that technology doesn't work as expected.
To allow teams to define, monitor and manage modern app stacks to ensure they meet service level objectives (SLOs), Sumo Logic is launching a Reliability Management tool.
IT leaders are out of touch with development team progress
A new study reveals that 40 percent of respondents don't know whether their development teams are behind or ahead of schedule, and 27 percent say they have trouble following the teams' progress to ensure they are meeting their goals.
The research from Couchbase, based on a survey of 650 senior IT decision makers, shows 88 percent of respondents are aware of the challenges faced by development teams.
Agile Pentesting offers developers more control and flexibility
Pentest as a Service (PtaaS) company Cobalt is today launching Agile Pentesting, a new offering that provides more control and flexibility to better meet the needs of businesses through versatile, ad hoc testing.
Agile Pentesting allows organizations to identify and address vulnerabilities at a faster, more frequent rate to minimize risk. This contrasts with what Cobalt calls 'comprehensive pentesting', which is often done in support of business drivers like compliance or M&A activity. The new offering is intended to accelerate customers' DevOps journeys by aligning testing with their CI/CD pipelines.
How improving the application experience can deliver for business [Q&A]
Spending on cloud services is showing no sign of slowing down, but IT and security leaders are realizing that applications need to have high availability and strong performance in order to be effective.
Application experience management is therefore becoming a key element of enterprise strategy. We spoke to Jason Dover, VP product strategy at Progress, to find out why.
Supply chain issues lead to mobile app vulnerabilities
A new study from Symantec's Threat Hunter team looks at how upstream supply chain issues can make their way into mobile apps, making them vulnerable.
Issues identified include mobile app developers unknowingly using vulnerable external software libraries and SDKs, as well as companies outsourcing the development of their mobile apps then ending up with vulnerabilities that put them at risk.
Taking a holistic approach to application security [Q&A]
Application security is becoming mainstream, and that's a good thing as it means that security testing is becoming an embedded aspect of the software development life cycle (SDLC). It also means that automated security testing tools are becoming faster, more sophisticated, and better integrated, so they're less likely to slow down developers or burden them with too many trivial findings or false positives.
But as good and necessary as AppSec testing tools are, it's not nearly enough simply to buy them and run them -- you need to buy the right ones and configure them correctly so that they help build security into your SDLC without bogging it down. It's important to implement a security strategy and a plan. It’s also important to employ developers with the skills to build trust into your software -- a concept known as 'holistic AppSec'.
Security drives DevOps platform adoption
Nearly three-quarters of respondents to a new survey have adopted -- or plan to adopt within a year -- a DevOps platform in order to meet rising industry expectations around security, compliance, toolchain consolidation, and faster software delivery.
The study from GitLab shows security has overtaken even cloud computing as the number one investment area across DevOps teams at global organizations.
DevSecOps delivers significant results but take-up remains low
Only 22 percent of organizations have developed a formal DevSecOps strategy integrating security into software development lifecycle processes, according to a new report.
But the study from Mezmo shows an overwhelming percentage of those that do have a strategy report a positive impact on accelerating incident detection (95 percent) and response (96 percent) efforts.
Log4j and why it's not safe to relax yet [Q&A]
The Log4j vulnerability first hit the headlines in December last year. Since then we've heard less about it, but it hasn't gone away; like most vulnerabilities it has a long tail.
A recent report from the Cyber Safety Review Board takes a comprehensive look at the vulnerability and what can be learned from it.
BetaNews, your source for breaking tech news, reviews, and in-depth reporting since 1998.
© 1998-2025 BetaNews, Inc. All Rights Reserved. About Us - Privacy Policy - Cookie Policy - Sitemap.