Articles about Development

A new survey shows that 76 percent of respondents consider building human-centric applications more important than it was two years ago, driven by a combination of business considerations and cultural shifts.

The survey, of over 700 application developers and IT decision-makers, from infrastructure software company Progress shows a gap between intentions and actions, however. 98 percent of respondents say human-centric app development is important, but only 34 percent are currently addressing the issue through tools, training and policy.

Continue reading →

While Windows Subsystem for Linux is widely recognized as being one of Microsoft most impressive achievements in recent times, WSL is not without its flaws.

Now in its second iteration, WSL makes it possible to install Linux distros within Windows 11 but it has a major obstacle that is stopping it gaining mass appeal -- it remains a text-based tool. But this could be about to change. Microsoft is exploring the possibility of introducing a new GUI to simplify the installation and management of distros.

Continue reading →

Bug bounty and penetration testing programs are often grouped as interchangeable, but they perform distinct functions.

To determine whether both deserve a place within a cybersecurity strategy, it is important to understand their specific qualities and how they have matured over recent years. We spoke to Chris Campbell, lead solutions engineer at HackerOne, to learn more.

Continue reading →

There is just about no field of technology that is not somehow being enhanced by artificial intelligence. Microsoft has already shown its own love of AI by introducing it to various aspects of Windows and other products, and the latest release from the company is .NET Smart Components.

These are described as "AI-powered UI controls" that Microsoft says can be quickly and easily add to .NET apps. Billed, unsurprisingly, as "genuinely useful", the company says the components remove the need to "spend weeks of dev time redesigning your UX or researching machine learning and prompt engineering".

Continue reading →

While Microsoft is keen on deprecating features and apps, it has also been engaged in injecting new life into legacy apps in recent years -- just look at how Paint has evolved, for instance. The company has also been slowly but surely updating another software stalwart, Notepad.

Having already added a tabbed interface, an auto-save feature and, of course, a dash of AI, Microsoft is a now set to add a spell checking. It does not end there, though. In addition to a highly customizable spell checker, there will also be an autocorrect feature -- and considerations have been made for developers and coders.

Continue reading →

Friction and lack of communication between development and security teams can lead to problems in software development and testing.

How can we bridge the gap between developer and security teams and help them see that they have common goals? We spoke to Scott Gerlach, CSO and co-founder of StackHawk, the company making web application and API security testing part of software delivery, to find out.

Continue reading →

Over the years, security vendors have pushed companies to integrate their tools into the DevOps pipeline with the promise of being able to move faster and be more secure.

However, as businesses have matured their DevSecOps practices the more they have been hit by mountains of reported vulnerabilities and problems that have slowed them down. So, has DevSecOps failed in its promise? We talked to Eitan Worcel, CEO at Mobb, to find out.

Continue reading →

The biggest software development challenge in 2024 will be incorporating AI into the development process, according to a new report.

The Reveal survey of 585 software developers and IT professionals from Infragistics shows 40.7 percent name this as the top challenge followed by high workload (29.6 percent) and increased customer demands (29.2 percent).

Continue reading →

When OpenTelemetry was first released in 2019, there was a good deal of excitement about the prospect of a single standard set of telemetry data for the entire modern software stack.

OpenTelemetry set out to make robust, portable telemetry a built-in feature of cloud-native software, and give developers and platform engineers a common mental model for all the telemetry types.

Continue reading →

A new study reveals that 92 percent of companies surveyed had experienced a breach in the past year due to vulnerabilities of applications developed in-house.

The report from Checkmarx shows that in recent years the responsibility for application security has shifted away from dedicated security teams and is now shared between AppSec managers and developers.

Continue reading →

The percentage of codebases with high-risk open source vulnerabilities -- those that have been actively exploited, have documented proof-of-concept exploits or are classified as remote code execution vulnerabilities -- increased from 48 percent in 2022 to 74 percent in 2023, according to new research.

The Open Source Security and Risk Analysis (OSSRA) report from Synopsys is based on findings from more than 1,000 commercial codebase audits across 17 industries. While codebases containing at least one open source vulnerability remain consistent year-on-year at 84 percent, significantly more codebases contained high-risk vulnerabilities in 2023.

Continue reading →

A new report from Veracode shows that software security debt -- flaws that have gone unfixed for over a year -- is found in 42 percent of applications.

Although the number of high-severity flaws has reduced 70.8 percent of organizations still suffer from security debt. 45.9 percent have critical security debt, that is high-severity flaws that have been unfixed for 12 months or more.

Continue reading →

The overwhelming majority of organizations (91 percent) have experienced a software supply chain incident in the past 12 months, according to a new report.

The study from Data Theorem and the Enterprise Strategy Group surveyed over 350 respondents from private- and public-sector organizations in the US and Canada across cybersecurity professionals, application developers and IT professionals.

Continue reading →

A new report from cloud security company Sysdig reveals that many businesses are indulging in the dangerous practice of putting convenience before preventive security in pursuit of faster application development.

"Attackers are leveraging automation to exploit every point of weakness they can uncover," says Crystal Morin, cybersecurity strategist at Sysdig. "This year's report shows that many companies are chasing faster innovation at the cost of more comprehensive security -- a gamble that poses real business risks."

Continue reading →

A new report from software engineering specialist LinearB looks at the effects of generative AI on code creation and delivery.

Gen AI is predicted to generate one in five lines of code by the end of this year and the study of over 150 tech leaders sets out to understand how organizations can measure the effects of Gen AI on their code.

Continue reading →