Articles about Development

There has been a lot of buzz surrounding the adoption of artificial intelligence. According to a recent report from McKinsey 57 percent of companies are now using AI in at least one function. But how much is hype and how much is built on a sound commercial base?

We spoke to Mike Loukides, VP of emerging tech content at O'Reilly Media and author of O'Reilly Media's widely-cited AI Adoption in the Enterprise report, to discuss the current state of AI and what lies ahead.

Continue reading →

Malicious API traffic has increased 681 percent in the last year, set against a 321 percent increase in overall API traffic.

A new report from API security specialist Salt Security shows 95 percent of surveyed organizations have experienced an API security incident in the past 12 months.

Continue reading →

A new report based on data from more than 100 open source audit projects conducted in 2021 finds that companies are only aware of 17 percent of the open source components they use, an increase of just four percent in the past year.

The 2022 State of the Software Supply Chain Report from Revenera also shows that risks are increasing.

Continue reading →

We increasingly rely on APIs to deliver the smooth sharing of information between applications. But their very functionality and ease of use is also a gift to attackers.

A recent report from Cequence Security shows that 80 percent, or 1.8 billion, blocked attacks between June and December 2021 were found to be API-based. At the same time APIs exposing sensitive data like payment (PCI) or personally identifiable information (PII) have increased by 87 percent.

Continue reading →

DevOps has become the mainstream development culture in recent years, but like other areas of the tech world it continues to evolve.

Add in changes brought about by the pandemic, the Great Resignation, automation and more, and it's clear that the evolution is set to continue. We spoke to Shanea Leven, CEO of CodeSee to find out what changes have already taken place and what the future might hold.

Continue reading →

Most applications are now security scanned around three times a week, compared to just two or three times a year a decade ago.

A new report from Veracode also shows developers now testing more than 17 new applications per quarter -- more than triple the number of apps scanned over the same period a decade ago.

Continue reading →

Developers have a lot to think about in 2022. Security tops the list and, increasingly, developers in the cloud and using Kubernetes need to think about cost too.

We talked to Rob Faraj, co-founder of monitoring tool Kubecost, to find out cultural shifts that organizations and developers need to make to overcome challenges created by the increase in adoption of Kubernetes.

Continue reading →

New research from the Linux Foundation looks at the extent of organizational software bill of materials (SBOM) readiness and adoption tied to cybersecurity efforts.

An SBOM is formal and machine-readable metadata that uniquely identifies a software component and its contents, and it may also include copyright and license data.

Continue reading →

As the internet is increasingly accessed from mobile devices, mobile apps need to be considered as part of a company's security strategy.

A new report from BitSight finds that three out of four mobile applications evaluated contained at least one moderate vulnerability. It also finds material and severe vulnerabilities in some popular apps.

Continue reading →

Software supply chain attacks grew by more than 300 percent in 2021 compared to 2020 as attackers focused on open source vulnerabilities and poisoning, code integrity issues, and exploiting the software supply chain process and supplier trust to distribute malware or backdoors.

According to Aqua Security's Argon Security arm, 2021 Software Supply Chain Security Review, security across software development environments remains low, and significantly, every company evaluated had vulnerabilities and misconfigurations that could expose them to supply chain attacks.

Continue reading →

Since the Log4Shell attack targeting a log4j vulnerability was first uncovered towards the end of last year it's posed a threat to web servers worldwide.

It's a tricky problem to address because doing so means updating software dependencies. Meanwhile attackers are seeking to inject text into log messages or log message parameters, then into server logs which can then load code from a remote server for malicious use, using obfuscation techniques to hide from security software.

Continue reading →

Developers in many organizations are under pressure to produce new applications and updates faster than ever before and this highlights the weaknesses of traditional methods.

Using a low-code approach by contrast allows allows the automation and streamlining of the development lifecycle. We spoke to Brian Sathianathan, the chief technology officer at Iterate.ai, to discover more about low-code and when it is and isn't the best option.

Continue reading →

Artificial intelligence is creeping into more and more areas of technology, increasingly becoming the basis for commercial and other decisions, but bias can find its way in to AI systems and lead to results that are neither fair nor objective.

To prevent bias in AI businesses need to understand the different types of bias that can occur and know what’s needed to address each of them. We spoke to Alix Melchy, VP of AI at Jumio, to find out about the problems AI bias can cause and what enterprises can do about them.

Continue reading →

The use of SaaS-based applications and systems has taken off in recent years, but that surge has highlighted a problem in the form of a lack of standardization for software descriptions across all types of systems.

This makes it much harder for IT teams to assess vulnerability levels across all the packages in an enterprise. But what risks does this pose and how can businesses tackle the problem? We spoke with Peter Lund, VP at operational technology cybersecurity company Industrial Defender, to discover more.

Continue reading →

APIs are designed to be fast and easy pipelines between different platforms. They offer convenience and user experience which makes APIs essential to many businesses, but it also makes them attractive targets for cybercriminals.

A new report from Akamai, produced in collaboration with Veracode, highlights the frustrating pattern of API vulnerabilities, despite improvements that have been made in software development life cycles (SDLCs) and testing tools.

Continue reading →