Businesses ignore security when deploying AI


A new report from Orca Security highlights that, as organizations invest in AI innovation, most of them are doing so without regard for security.
The report uncovers a wide range of AI risks, including exposed API keys, overly permissive identities, misconfigurations, and more.
Only 16 percent of companies think their software testing is efficient


A new survey of 401 tech professionals from Leapwork shows that only 16 percent of businesses think their current testing practices are efficient.
Interestingly, AI could be making this worse: although 85 percent of total respondents have integrated AI apps into tech stacks in the past year, most (68 percent) have experienced issues with their performance, accuracy, and reliability.
GenAI tools don't increase coding efficiency


While AI is often touted as being the solution for all kinds of tasks, when it comes to developing software it seems that it may not always be improving things.
A new study from Uplevel suggests that today's GenAI-based developer tools don't tend to increase coding efficiency and can actually increase bug rates.
Want a 75 percent chance of breaking your app? Install a security patch


New research released from Endor Labs finds that security patches have a 75 percent chance of breaking an application.
It also shows that 69 percent of vulnerability advisories are published after a patch has been released, with a median delay of 25 days between public patch availability and advisory publication, increasing the window of opportunity for attackers to exploit vulnerable systems.
Platform engineering hampered by development needs


Many organizations rely on platform engineering to introduce automation, self-service capabilities, and streamlined workflows into software development.
But a new report from Forrester for digital experience specialist the Qt Group finds that 63 percent of embedded software from organizations with a platform engineering strategy is still created using custom, ad hoc solutions.
What's needed for SBOM success? [Q&A]


Enterprises are increasingly looking to software bills of materials (SBOM) to understand the components inside the tech products they use in order to secure their software supply chain.
But do SBOMs really provide value? And how can they be used more effectively? We talked to Varun Badhwar, CEO and co-founder of Endor Labs, to find out the keys to using SBOMs successfully.
UK government wants the AI to eat your homework


The UK government has announced the launch of a new scheme that will encourage the building of new generative AI tools to help teachers when they’re planning lessons or marking homework.
This will involve the creation of a 'data store' for education data including the national curriculum, guidance for teachers, lesson plans and more. The £3m ($3.96m) data store will help tech companies build AI tools that teachers can trust to help in their work by making this data machine readable.
Publicly available GenAI development apps open to exploitation


New research from Legit Security shows that widely available GenAI development services risk sensitive information exposure, or leakage of secrets.
Legit's analysis of unprotected vector databases finds that 30 servers investigated contained corporate or private data, including company email conversations, customer PII, product serial numbers, financial records, resumes, and contact information.
The importance of API monitoring across the enterprise [Q&A]


Over the past few years, technology teams have split into smaller work groups with more focused tasks. The rise of the cloud has created the need for DevOps teams, and the gap has grown wider between teams that build products and teams that manage products.
At the same time, applications have become dramatically more complicated. This has given rise to specialized site reliability engineers who are well-versed in monitoring all application components, including APIs. However, focusing API resilience in one team has allowed organizations to treat the symptoms rather than the underlying problem.
Over half of enterprises suffer data breaches in non-production environments


A new study shows 91 percent of organizations are concerned about the expanded exposure footprint across non-production environments (including software development, testing, and data analytics).
Once a production dataset is copied many times over into non-production environments, more workers have access to it and the data is no longer subject to the same strict security controls.
Enterprises need to update application security practices


Organizations urgently need to modernize their application security practices so that they can support growth and mitigate risks, according to a new report.
The study from Legit Security and TechTarget's Enterprise Strategy Group (ESG) finds nearly all organizations reporting difficulties in fixing vulnerabilities after applications are deployed, reinforcing the significance of incorporating security processes and tools in the build process.
How are CISOs coping with developer gatekeeping? [Q&A]


CISOs are under the microscope to prove they can reduce vulnerabilities in the software development life cycle -- particularly, that they can do so from the start of code creation. As such, CISOs are searching for the most effective way to ensure the security awareness of their developers before they take on the responsibility of writing and introducing code.
Secure Code Warrior's co-founder and CTO, Matias Madou, believes that a 'gatekeeping' standard -- where developers are incrementally given access to more sensitive projects -- is the key to building a strong foundation for secure coding processes.
Enterprises struggle to govern use of AI in development


A new study from Checkmarx shows that 99 percent of enterprises are using AI code generation tools, yet only 29 percent have established any form of governance.
The survey of 900 CISOs and application security professionals worldwide finds 15 percent of respondents have explicitly prohibited the use of AI tools for code generation within their organizations.
How DevOps teams can get ready to explore DORA [Q&A]


It's essential for businesses to get security, privacy and governance right -- not only to prevent breaches, but also to comply with increasing numbers of regulations.
DevOps Research and Assessment (DORA) best practices are the gold standard for spotting vulnerabilities across both cloud and mainframe environments and improving development efficiency.
Enterprise supply chain risks not being addressed


Although software supply chain breaches are increasing, a new study from JFrog finds that only 30 percent of respondents identified the need to address vulnerabilities in their software supply chain as a top security concern.
It also uncovers a disconnect between management and developers. 92 percent of executives claim their organizations possess tools to detect malicious open-source packages, while only 70 percent of developers think the same.
BetaNews, your source for breaking tech news, reviews, and in-depth reporting since 1998.