Supply chain attacks more than triple in 2021


Software supply chain attacks grew by more than 300 percent in 2021 compared to 2020 as attackers focused on open source vulnerabilities and poisoning, code integrity issues, and exploiting the software supply chain process and supplier trust to distribute malware or backdoors.
According to the 2021 Software Supply Chain Security Review from Aqua Security's Argon Security arm, security across software development environments remains low and, significantly, every company evaluated had vulnerabilities and misconfigurations that could expose it to supply chain attacks.
Open source tool helps in the fight against log4j vulnerability exploits


Since the Log4Shell attack targeting a log4j vulnerability was first uncovered towards the end of last year, it has posed a threat to web servers worldwide.
It's a tricky problem to address because doing so means updating software dependencies. Meanwhile, attackers are seeking to inject text into log messages or log message parameters, and from there into server logs, which can then load code from a remote server for malicious use, using obfuscation techniques to hide from security software.
Why low-code is the future for enterprise development [Q&A]


Developers in many organizations are under pressure to produce new applications and updates faster than ever before, and this highlights the weaknesses of traditional methods.
Using a low-code approach, by contrast, allows the automation and streamlining of the development lifecycle. We spoke to Brian Sathianathan, the chief technology officer at Iterate.ai, to discover more about low-code and when it is and isn't the best option.
Breaking bias -- ensuring fairness in artificial intelligence [Q&A]


Artificial intelligence is creeping into more and more areas of technology, increasingly becoming the basis for commercial and other decisions, but bias can find its way into AI systems and lead to results that are neither fair nor objective.
To prevent bias in AI, businesses need to understand the different types of bias that can occur and know what's needed to address each of them. We spoke to Alix Melchy, VP of AI at Jumio, to find out about the problems AI bias can cause and what enterprises can do about them.
How software descriptions can open the door to cyberattacks [Q&A]


The use of SaaS-based applications and systems has taken off in recent years, but that surge has highlighted a problem in the form of a lack of standardization for software descriptions across all types of systems.
This makes it much harder for IT teams to assess vulnerability levels across all the packages in an enterprise. But what risks does this pose and how can businesses tackle the problem? We spoke with Peter Lund, VP at operational technology cybersecurity company Industrial Defender, to discover more.
APIs leave businesses open to attack


APIs are designed to be fast and easy pipelines between different platforms. They offer convenience and user experience, which makes APIs essential to many businesses but also makes them attractive targets for cybercriminals.
A new report from Akamai, produced in collaboration with Veracode, highlights the frustrating pattern of API vulnerabilities, despite improvements that have been made in software development life cycles (SDLCs) and testing tools.
Innovation pressure leads to security steps being skipped


A new study shows that 70 percent of respondents 'frequently' or 'always' complete projects without carrying out all security steps, due to tight timelines and pressure to innovate.
The report from Invicti Security also shows that 78 percent of development and security respondents have suffered increased stress levels this year and 73 percent have actually considered quitting their job because of it.
Microsoft PowerShell 7.2.0 release candidate 1 now available to download


Development of PowerShell continues apace, and Microsoft has just pushed out a new release candidate with a fairly lengthy changelog.
PowerShell 7.2.0 RC1 is available for Windows, macOS and Linux, and over the coming days and weeks it will undergo further testing and refinement before it is marked as a final release. The release candidate includes various changes and fixes, including using a newer version of .NET and addressing an RPM packaging issue.
BetaNews, your source for breaking tech news, reviews, and in-depth reporting since 1998.