Google open source project aims to boost supply chain security

Software supply chain security is at the top of a lot of agendas at the moment, even more so since the disclosure of the Log4j vulnerability and the US Executive Order on cybersecurity.

Google is seeking contributors to a new open source project called GUAC (Graph for Understanding Artifact Composition) which, although still in its early stages, is intended to change how the industry understands software supply chains.

DevOps pros want to reduce reliance on single cloud providers

More than half (53 percent) of DevOps professionals in a new study say they will consider multicloud architecture to reduce reliance on a specific cloud provider.

The survey of over 700 development professionals and leaders from Techstrong Research finds that the cloud landscape is changing as buyers increasingly put the developer experience on the same footing as core technical and performance capabilities of cloud infrastructure services.

OpenSilver gains more features and improved performance

A year ago we reported on the demise of Microsoft Silverlight and how OpenSilver offered an alternative for those still wanting to run Silverlight apps.

The OpenSilver developers haven't been idle in the meantime, and today sees the launch of version 1.1, which the project says allows 99.99 percent of a Silverlight codebase to be reused and promises an almost pixel-perfect migration.

The benefits of hybrid open-closed source software for smaller companies [Q&A]

Open source has gained enterprise popularity for its decentralized, collaborative approach to software development. By bringing large groups of developers together, it can boost efficiency, visibility and drive the adoption of new technologies.

However, taking a fully open-source approach might not be the best fit for smaller enterprises. Dr. William Bain, founder and CEO of ScaleOut Software, cautions that the costs and legal risks associated with going fully open source may be too great for smaller software companies. Instead, he recommends a hybrid open and closed-source model. We talked to him to learn more.

How clean code can help developers prevent vulnerabilities [Q&A]

Every year, thousands of code vulnerabilities are discovered, patched and publicly disclosed to improve security for current and potential users.

But many of these vulnerabilities share common features, so what can developers do to write better code that prevents vulnerabilities from entering their apps and services in the first place? We talked to Johannes Dahse, head of R&D at clean code specialist SonarSource, to find out. 

Over 80 percent of companies have had cloud security incidents in the last year

According to a new report 81 percent of organizations have experienced a cloud-related security incident over the last 12 months, with almost half (45 percent) suffering at least four incidents.

The findings, from machine identity management specialist Venafi, reveal that the underlying issue for these security incidents is a dramatic increase in security and operational complexity connected with cloud deployments.

Digital transformation delays cost businesses millions

Digital transformation is still seen as a priority by many enterprises, but research for low-code application development platform, Toca, reveals the extent of the challenges faced by IT teams in delivering these projects.

Budget constraints, a lack of collaboration across the wider business, legacy systems, a shortage of developers and integration challenges are seen as the top five barriers to transformation initiatives.

Firms act to beef up software supply chain security

New data reveals a significant increase in activities to secure open source components and integrate security into developer toolchains in order to protect the software supply chain.

The 13th edition of the Building Security In Maturity Model (BSIMM) report from Synopsys analyzes the software security practices of 130 organizations -- including Adobe, PayPal and Lenovo -- in their efforts to secure more than 145,000 applications built and maintained by nearly 410,000 developers.

Three-quarters of organizations have suffered an API security incident in the last year

Over three-quarters (76 percent) of respondents in a new survey have suffered an API security incident in the last 12 months, with the most commonly cited causes being dormant or 'zombie' APIs, authorization vulnerabilities and web application firewalls.

The research from Noname Security also shows that 74 percent of cybersecurity professionals don’t have a complete API inventory or know which APIs return sensitive data.

Vulnerability backlogs are too time-consuming to address

Organizations are losing thousands of hours in time and productivity dealing with a massive backlog of vulnerabilities that they have neither the time nor the resources to tackle effectively, according to a new report.

The State of Vulnerability Management in DevSecOps report from vulnerability management platform Rezilion and the Ponemon Institute, shows 47 percent of security leaders report that they have a backlog of applications that have been identified as vulnerable.

New tool helps businesses balance innovation and reliability

Many companies are currently undertaking digital transformation projects, but while customers are quick to embrace the benefits of a customer experience reshaped by technology they have little patience when that technology doesn't work as expected.

To allow teams to define, monitor and manage modern app stacks to ensure they meet service level objectives (SLOs), Sumo Logic is launching a Reliability Management tool.

IT leaders are out of touch with development team progress

A new study reveals that 40 percent of respondents don't know whether their development teams are behind or ahead of schedule, and 27 percent say they have trouble following the teams' progress to ensure they are meeting their goals.

The research from Couchbase, based on a survey of 650 senior IT decision makers, shows 88 percent of respondents are aware of the challenges faced by development teams.

Agile Pentesting offers developers more control and flexibility

Pentest as a Service (PtaaS) company Cobalt is today launching Agile Pentesting, a new offering that provides more control and flexibility to better meet the needs of businesses through versatile, ad hoc testing.

Agile Pentesting allows organizations to identify and address vulnerabilities at a faster, more frequent rate to minimize risk. This contrasts with what Cobalt calls 'comprehensive pentesting', which is often done in support of business drivers such as compliance or M&A activity. The new offering is intended to accelerate customers' DevOps journeys by aligning testing with their CI/CD pipelines.

How improving the application experience can deliver for business [Q&A]

Spending on cloud services is showing no sign of slowing down, but IT and security leaders are realizing that applications need to have high availability and strong performance in order to be effective.

Application experience management is therefore becoming a key element of enterprise strategy. We spoke to Jason Dover, VP product strategy at Progress, to find out why.

Supply chain issues lead to mobile app vulnerabilities

A new study from Symantec's Threat Hunter team looks at how upstream supply chain issues can make their way into mobile apps, making them vulnerable.

Issues identified include mobile app developers unknowingly using vulnerable external software libraries and SDKs, as well as companies outsourcing the development of their mobile apps then ending up with vulnerabilities that put them at risk.
