Platform engineering hampered by development needs


Many organizations rely on platform engineering to introduce automation, self-service capabilities, and streamlined workflows into software development.
But a new report from Forrester for digital experience specialist the Qt Group finds that 63 percent of embedded software from organizations with a platform engineering strategy is still created using custom, ad hoc solutions.
What's needed for SBOM success? [Q&A]


Enterprises are increasingly looking to software bills of materials (SBOM) to understand the components inside the tech products they use in order to secure their software supply chain.
But do SBOMs really provide value? And how can they be used more effectively? We talked to Varun Badhwar, CEO and co-founder of Endor Labs, to find out the keys to using SBOMs successfully.
UK government wants the AI to eat your homework


The UK government has announced the launch of a new scheme that will encourage the building of new generative AI tools to help teachers when they’re planning lessons or marking homework.
This will involve the creation of a 'data store' for education data including the national curriculum, guidance for teachers, lesson plans and more. The £3m ($3.96m) data store will help tech companies build AI tools that teachers can trust to help in their work by making this data machine readable.
Publicly available GenAI development apps open to exploitation


New research from Legit Security shows that widely available GenAI development services risk sensitive information exposure, or leakage of secrets.
Legit's analysis of unprotected vector databases finds that 30 servers investigated contained corporate or private data, including company email conversations, customer PII, product serial numbers, financial records, resumes, and contact information.
The importance of API monitoring across the enterprise [Q&A]


Over the past few years, technology teams have split into smaller work groups with more focused tasks. The rise of the cloud has created the need for DevOps teams, and the gap has grown wider between teams that build products and teams that manage products.
At the same time, applications have become dramatically more complicated. This has given rise to specialized site reliability engineers who are well-versed in monitoring all application components, including APIs. However, focusing API resilience in one team has allowed organizations to treat the symptoms rather than the underlying problem.
Over half of enterprises suffer data breaches in non-production environments


A new study shows 91 percent of organizations are concerned about the expanded exposure footprint across non-production environments (including software development, testing, and data analytics).
Once a production dataset is copied many times over into non-production environments, more workers have access to it and the data is no longer subject to the same strict security controls.
Enterprises need to update application security practices


Organizations urgently need to modernize their application security practices so that they can support growth and mitigate risks, according to a new report.
The study from Legit Security and TechTarget's Enterprise Strategy Group (ESG) finds nearly all organizations reporting difficulties in fixing vulnerabilities after applications are deployed, reinforcing the significance of incorporating security processes and tools in the build process.
How are CISOs coping with developer gatekeeping? [Q&A]


CISOs are under the microscope to prove they can reduce vulnerabilities in the software development life cycle -- particularly, that they can do so from the start of code creation. As such, CISOs are searching for the most effective way to ensure the security awareness of their developers before they take on the responsibility of writing and introducing code.
Secure Code Warrior's co-founder and CTO, Matias Madou, believes that a 'gatekeeping' standard -- where developers are incrementally given access to more sensitive projects -- is the key to building a strong foundation for secure coding processes.
Enterprises struggle to govern use of AI in development


A new study from Checkmarx shows that 99 percent of enterprises are using AI code generation tools, yet only 29 percent have established any form of governance.
The survey of 900 CISOs and application security professionals worldwide finds 15 percent of respondents have explicitly prohibited the use of AI tools for code generation within their organizations.
How DevOps teams can get ready to explore DORA [Q&A]


It's essential for businesses to get security, privacy and governance right -- not only to prevent breaches, but also to comply with increasing numbers of regulations.
DevOps Research and Assessment (DORA) best practices are the gold standard for spotting vulnerabilities across both cloud and mainframe environments and improving development efficiency.
Enterprise supply chain risks not being addressed


Although software supply chain breaches are increasing, a new study from JFrog finds that only 30 percent of respondents identified the need to address vulnerabilities in their software supply chain as a top security concern.
It also uncovers a disconnect between management and developers. 92 percent of executives claim their organizations possess tools to detect malicious open-source packages, while only 70 percent of developers think the same.
How AI is changing the role of enterprise developers [Q&A]


Artificial intelligence is making its way into many areas of business and IT. Software development is just one area where it's starting to have a major impact on productivity and working patterns.
To learn more we spoke to Varun Mohan, CEO of AI coding assistant Codeium, which uses proprietary large language models (LLMs) to aid with software development and has recently announced a $65 million funding round.
63 percent of organizations fall victim to supply chain attacks


A new study from Checkmarx reveals that 63 percent of organizations surveyed have been victims of a supply chain attack in the last two years, while 18 percent have suffered an attack in the last year.
Even more worrying is that 100 percent of the large enterprises represented by 900 AppSec professionals responding from the United States, Europe and Asia-Pacific have been the victims of a software supply chain attack at some point.
Enterprise secrets leaked in code management systems


Enterprise secrets could be inadvertently leaking via GitHub repositories, according to new research from Aqua Security.
By scanning the most popular 100 organizations on GitHub, which collectively include more than 50,000 publicly accessible repositories, Aqua researchers found active secrets from open source organizations and enterprises such as Cisco and Mozilla providing access to sensitive data and software. The exposed secrets could lead to significant financial losses, reputational damage, and legal consequences.
Microsoft has an amazing New+ PowerToys module under development for Windows power users


Developers working on the PowerToys collection of utilities have a lot of exciting things in the pipeline for eager users. Building on the New entry in the Windows context menu, New+ is a module that, in the words of its main developer, Christian Gaardmark, "enables users to create files and folders from a personalized set of templates".
As there are already numerous third-party utilities that extend the capabilities of the New menu, there is clearly an appetite for the likes of New+. It's aimed at Windows power users, developers and, over time, also regular users who find themselves often creating files or folders that contain similar content, such as VS Code development projects, job applications and cover letters, scripts, etc. It already looks incredibly intriguing.
© 1998-2025 BetaNews, Inc. All Rights Reserved.