ONCD asks software manufacturers to adopt memory safe languages
Tuesday, March 5, 2024 by Richard Harris
The White House Office of the National Cyber Director (ONCD) has released a new report asking software manufacturers to adopt memory-safe programming languages to help reduce the vulnerabilities entering the supply chain.
"For thirty-five years, memory safety vulnerabilities have plagued the digital ecosystem, but it doesn’t have to be this way. This repo...
2021 Coding Week recap from industry experts
Monday, September 20, 2021 by Richard Harris
National Coding Week takes place from September 13 to September 19, and it is a great time to engage everyone in coding in a fun and easy way. According to an article from National Today, "92 percent of executives believe American workers are not as skilled as they need to be." National Coding Week is a perfect opportunity for improving your coding skills to...
Software engineer happiness matters
Tuesday, February 19, 2019 by Bart Copeland
In the never-ending quest for greater developer productivity, security and compliance usually seem like monkey wrenches in the machinery. These aspects of development are essential, but they can slow down the flow of work and frustrate developers.
Security and compliance dog the whole software development process, from the too-often-forgotten build engineering team, ...
IAST supports AppSec efficiencies while cutting costs and headaches
Monday, November 26, 2018 by Asma Zubair
It’s easy to feel passionate about interactive application security testing (IAST) in the world of application security. You see, IAST makes security testing almost invisible. It’s not something that requires a highly trained team to be brought in to carry out and analyze testing results. It doesn’t hold up other teams or processes from moving forward....
Tidelift surpasses $1M to pay open source software maintainers
Friday, September 21, 2018 by Austin Harris
Tidelift announced that it has surpassed one million dollars committed via its platform to pay open source software maintainers to provide professional assurances for their projects, as momentum behind this new approach to professional open source continues to build. Over 100 packages are already on the Tidelift platform, with maintainers getting paid to provide support...
Open Source security comes to GitHub
Thursday, August 16, 2018 by Richard Harris
Sonatype announced Sonatype DepShield, a new GitHub application that enables developers to experience basic open source security governance, free of charge. Powered by Sonatype’s OSS Index, DepShield integrates directly into GitHub repositories and allows developers to easily identify and avoid using open source components with known vulnerabilities.
“The...
Key takeaways from CA Technologies Built to Change Summit 2018
Friday, June 8, 2018 by Austin Harris
CA Technologies’ 2nd annual Built to Change Summit (BTC) led to the release of a whole bunch of exciting new technology and research projects pertaining to DevOps, GDPR regulations, Agile project management, and more. The overall theme of the event was to make their development platforms “frictionless” for their users, allowing them to create and...
DevOps practices more likely to integrate automated security
Saturday, April 21, 2018 by Austin Harris
Sonatype published findings from its 5th annual DevSecOps Community Survey of 2,076 IT professionals. The survey shares practitioner perspectives on evolving DevSecOps practices, shifting investments, and changing perceptions. Survey respondents with mature DevOps practices were 338% more likely to integrate automated security than organizations with no DevOps pra...
Why developers run away from security updates
Monday, April 16, 2018 by Richard Harris
Veracode, Inc. has released new data that shines a light on the discrepancy between component security and hygiene. According to the research conducted with Vanson Bourne, only 52 percent of developers using commercial or open source components in their applications update those components when a new security vulnerability is announced. This highlights organizations’ la...
Sonatype expands firewall to stop dev vulnerabilities
Friday, March 9, 2018 by Austin Harris
Sonatype has announced that the Nexus Firewall is now available to support the more than 10 million developers currently using the open source version of Nexus Repository. Previously only available to commercial users of Nexus Repository Pro, the newest version of Nexus Firewall gives all Nexus Repo users the ability to automatically stop vulnerable open source componen...
How NGINX could overpower Microsoft soon
Thursday, April 13, 2017 by Richard Harris
In 2016, NGINX experienced their largest gains as a web server vendor, having increased by 4.8 million active sites and 2.85 percentage points. Netcraft believes that if these trends continue in 2017, NGINX could possibly overtake Microsoft as the second largest vendor in the second half of the year. In a recent conversation with Faisal Memon, Product Marketing at NGINX,...
WhiteSource Bolt detects vulnerable open source components
Thursday, March 30, 2017 by Richard Harris
WhiteSource, a continuous open source security and compliance management company, has announced the launch of a new open source management tool integrated within the Microsoft Visual Studio Team Services (VSTS) and Team Foundation Server (TFS) platforms - the WhiteSource Bolt (Bolt). Bolt is fully immersed within the VSTS and TFS products, so users can detect vulnerable ...
Infragistics Ships Ultimate 16.2
Tuesday, November 1, 2016 by Austin Harris
Infragistics has announced the launch of Infragistics Ultimate 16.2, its enterprise-ready web, mobile and desktop user interface development suite. The release features a broad range of updates to Infragistics Ignite UI control set for building modern web apps with Angular, React and ASP.NET MVC; as well as adding full support for Angular 2 and ASP.NET Core; and charts a...
Why software is no longer being written from scratch
Tuesday, November 1, 2016 by Richard Harris
Application developers are increasingly reliant on open source component parts because pre-fabricated components speed up innovation and save developers the time (and money) of having to write code from scratch. But with 6.1% of component downloads containing a known security vulnerability, it’s inevitable that defective parts will make their way into production – especia...
The Linux Foundation and edX announce free DevOps course
Friday, October 28, 2016 by Richard Harris
The Linux Foundation has announced its newest Massive Open Online Course (MOOC) is available for registration. The course, LFS161x - Introduction to DevOps: Transforming and Improving Operations, is offered through edX, the nonprofit online learning platform launched in 2012 by Harvard University and Massachusetts Institute of Technology (MIT). The course is free and wi...
The use of vulnerable open source components putting more software at risk
Tuesday, October 18, 2016 by Richard Harris
Veracode has released the findings in its annual State of Software Security Report (SoSS). The seventh edition of the report presents metrics drawn from code-level analysis of billions of lines of code across 300,000 assessments performed over the last 18 months. The report revealed that the continued and persistent use of components in software development is creating ...
WhiteSource Releases Tool to Evaluate Security of Open Source Components
Wednesday, June 8, 2016 by Stuart Parkerson
WhiteSource has launched a new Selection Tool plug-in providing developers with the ability to identify vulnerable or problematic open source components at the early stages of coding. The browser plug-in allows developers to see full information about specific libraries they wish to use and check if the components meet their company’s open source policies. Th...
JFrog Xray Offers Visibility for Container Images, Software Packages and Binary Artifacts
Wednesday, May 25, 2016 by Stuart Parkerson
JFrog has announced the launch of JFrog Xray, which provides visibility into the contents of software components. JFrog Xray is a universal impact analysis product that gives companies an understanding of their container images, software packages and binary artifacts, providing insight into the huge volume and variety of components that development teams share in ...
How Apache Kafka is Fundamentally Changing the Streaming of Big Data
Tuesday, January 12, 2016 by Richard Harris
LinkedIn, Netflix and Uber are just a few of the companies utilizing Apache Kafka, which facilitates real-time data streams and provides an open source messaging system. We recently visited with Jay Kreps, co-founder and CEO at Confluent, which he founded with other members of the team that built Kafka at LinkedIn. Jay is the original author of several open sour...
DevOps and Agile Lessons from the Story of Stone Soup
Saturday, October 17, 2015 by Pete Waterhouse
I love the old stone soup story. A nifty tale of how hungry travelers with nothing more than a cooking pot, water and a large stone, managed to get curious townsfolk to contribute ingredients to the ‘stone soup’ they were cooking. A wonderful soup, that never quite reached its full potential because it lacked a few essentials. Finally, after the villagers had contribute...
Cisco Launches New Cloud Based TV Video Solutions
Monday, September 21, 2015 by Richard Harris
Cisco has launched a new suite of cloud-powered video solutions to provide TV experiences to multiple screens, utilizing one cloud, on any access network, within the home and on mobile. The two new services, Infinite Home and Infinite Video, deliver full-featured linear, on-demand and time-shift TV video experiences as part of Cisco’s “Infinite” cloud video entertain...
Tizen: The OS of Things has Arrived in a Ripe Market
Thursday, June 5, 2014 by Brian Warner
There’s been a lot of talk recently about Tizen, a new open source mobile operating system developed primarily by Samsung and Intel, and hosted as a Collaborative Project at The Linux Foundation. So what is it, and why is it important? Fundamentally, Tizen is about convergence, and developing a single platform that can be used for all manner of devices. But to rea...
Marmalade Quick LUA App Programming
Monday, March 4, 2013 by Richard Harris
Do you like programming apps in LUA? Marmalade Quick might just be a new option for you then. It is a fast, flexible and open RAD programming environment for the creation of 2D games and apps using LUA as the primary language to write in. It’s based upon Open Source components including Cocos2d-x and Box2D, and the entire engine is made available in source code (rar...