Articles about Development

Firms act to beef up software supply chain security

New data reveals a significant increase in activities to secure open source components and integrate security into developer toolchains in order to protect the software supply chain.

The 13th edition of the Building Security In Maturity Model (BSIMM) report from Synopsys analyzes the software security practices of 130 organizations -- including Adobe, PayPal and Lenovo -- in their efforts to secure more than 145,000 applications built and maintained by nearly 410,000 developers.

Three-quarters of organizations have suffered an API security incident in the last year

Over three-quarters (76 percent) of respondents in a new survey have suffered an API security incident in the last 12 months, primarily caused by dormant/zombie APIs, authorization vulnerabilities, and web application firewalls.

The research from Noname Security also shows that 74 percent of cybersecurity professionals don’t have a complete API inventory or know which APIs return sensitive data.

Vulnerability backlogs are too time-consuming to address

Organizations are losing thousands of hours in time and productivity dealing with a massive backlog of vulnerabilities that they have neither the time nor the resources to tackle effectively, according to a new report.

The State of Vulnerability Management in DevSecOps report from vulnerability management platform Rezilion and the Ponemon Institute shows 47 percent of security leaders report that they have a backlog of applications that have been identified as vulnerable.

New tool helps businesses balance innovation and reliability

Many companies are currently undertaking digital transformation projects, but while customers are quick to embrace the benefits of a customer experience reshaped by technology, they have little patience when that technology doesn't work as expected.

To allow teams to define, monitor and manage modern app stacks to ensure they meet service level objectives (SLOs), Sumo Logic is launching a Reliability Management tool.

IT leaders are out of touch with development team progress

A new study reveals that 40 percent of respondents don't know whether their development teams are behind or ahead of schedule, and 27 percent say they have trouble following the teams' progress to ensure they are meeting their goals.

The research from Couchbase, based on a survey of 650 senior IT decision makers, shows 88 percent of respondents are aware of the challenges faced by development teams.

Agile Pentesting offers developers more control and flexibility

Pentest as a Service (PtaaS) company Cobalt is today launching Agile Pentesting, a new offering that provides more control and flexibility to better meet the needs of businesses through versatile, ad hoc testing.

Agile Pentesting allows organizations to identify and address vulnerabilities at a faster, more frequent rate to minimize risk. This contrasts with what Cobalt calls 'comprehensive pentesting', which is often done in support of business drivers like compliance or M&A activity. The new offering helps accelerate customers' DevOps journeys while aligning with their CI/CD pipelines.

How improving the application experience can deliver for business [Q&A]

Spending on cloud services is showing no sign of slowing down, but IT and security leaders are realizing that applications need to have high availability and strong performance in order to be effective.

Application experience management is therefore becoming a key element of enterprise strategy. We spoke to Jason Dover, VP product strategy at Progress, to find out why.

Supply chain issues lead to mobile app vulnerabilities

A new study from Symantec's Threat Hunter team looks at how upstream supply chain issues can make their way into mobile apps, making them vulnerable.

Issues identified include mobile app developers unknowingly using vulnerable external software libraries and SDKs, as well as companies outsourcing the development of their mobile apps then ending up with vulnerabilities that put them at risk.

Taking a holistic approach to application security [Q&A]

Application security is becoming mainstream, and that's a good thing as it means that security testing is becoming an embedded aspect of the software development life cycle (SDLC). It also means that automated security testing tools are becoming faster, more sophisticated, and better integrated, so they're less likely to slow down developers or burden them with too many trivial findings or false positives.

But as good and necessary as AppSec testing tools are, it's not nearly enough simply to buy them and run them -- you need to buy the right ones and configure them correctly so that they help build security into your SDLC without bogging it down. It's important to implement a security strategy and a plan. It’s also important to employ developers with the skills to build trust into your software -- a concept known as 'holistic AppSec'.

Security drives DevOps platform adoption

Nearly three-quarters of respondents to a new survey have adopted -- or plan to adopt within a year -- a DevOps platform in order to meet rising industry expectations around security, compliance, toolchain consolidation, and faster software delivery.

The study from GitLab shows security has overtaken even cloud computing as the number one investment area across DevOps teams at global organizations.

DevSecOps delivers significant results but take up remains low

Only 22 percent of organizations have developed a formal DevSecOps strategy integrating security into software development lifecycle processes, according to a new report.

But the study from Mezmo shows an overwhelming percentage of those that do have a strategy report a positive impact on accelerating incident detection (95 percent) and response (96 percent) efforts.

Log4j and why it's not safe to relax yet [Q&A]

The Log4j vulnerability first hit the headlines in December last year. Since then we've heard less about it, but it hasn't gone away; like most vulnerabilities, it has a long tail.

A recent report from the Cybersecurity Safety Review Board takes a comprehensive look at the vulnerability and what can be learned from it.

Enterprises struggle with application modernization

According to a new study, 93 percent of enterprise IT leaders say the application modernization process is challenging due to staffing, tools, training and other issues.

The survey from Asperitas finds 30 percent of IT leaders say identifying the right tools and technologies is the most difficult part of the process, while 20 percent say it's finding staff with the right experience.

New solution makes it easier to manage machine learning models

More than 80 percent of organizations do not have the necessary visibility and control over their machine learning models or how they're deployed throughout the ML model development lifecycle.

To deal with this problem, Iterative has built an open-source model registry solution that allows teams to easily manage models with full context around model lineage, version, production status, data used to train the model, and more.

Banks choose to build their own tech solutions

While banks are investing in technology solutions to meet increasing demands, a new study shows that 61 percent prefer to build their own technology stack, rather than buy technology solutions from a third party.

The study from IT services company NTT DATA surveyed 900 senior banking respondents across 12 countries and examines the state of corporate banking following the COVID-19 pandemic.

BetaNews, your source for breaking tech news, reviews, and in-depth reporting since 1998.
