ONCD asks software manufacturers to adopt memory safe languages
Tuesday, March 5, 2024 by Richard Harris
The White House Office of the National Cyber Director (ONCD) has released a new report asking software manufacturers to adopt memory-safe programming languages to help reduce vulnerabilities from entering the supply chain.
"For thirty-five years, memory safety vulnerabilities have plagued the digital ecosystem, but it doesn’t have to be this way. This repo...
Agile myths busted by Adaptavist
Friday, February 9, 2024 by Jon Kern
Agile methodologies are more essential than ever with the constant demand for businesses to adapt to fast-changing markets and digital transformation continuing its rise. However, the hype around Agile has mistakenly led many to view it as a silver bullet, only to report frustrations that Agile isn’t living up to its full potential. The fact is that many myths and...
Secure software development insights from The Linux Foundation
Monday, February 5, 2024 by Richard Harris
The Linux Foundation published a new report, Maintainer Perspectives on Open Source Software Security, based on a survey of OSS maintainers and core contributors, to understand perspectives on OSS security and the uptake and adoption of security best practices by maintainers, core contributors, end users, and other members of the OSS ecosystem.
Maintainer Perspective...
Open source AI trends for 2024 according to Eclipse Foundation
Thursday, December 21, 2023 by Richard Harris
Each year I usually like to make a few predictions about where the software industry, open source, and Eclipse Foundation projects are headed. This year is going to be a little broader, as some large trends are going to impact us in ways that should be discussed and understood.
Government regulation will impact the software industry
The first trend is that for the...
App security training enhancements by Security Journey
Wednesday, July 19, 2023 by Freeman Lightner
Security Journey announced an acceleration of its secure coding training platform enhancements. Since combining HackEDU and Security Journey training offerings into one Platform, the company has added or refreshed almost 200 lessons and 25 languages, frameworks, and technologies; giving customers even more new training content to improve secure coding knowledge gain of ...
Develop on the Mainframe like any other cloud platform with Zowe
Monday, February 11, 2019 by Richard Harris
The Open Mainframe Project announced that Zowe, an open source software framework for the mainframe that strengthens integration with modern enterprise applications, is now production ready less than six months after launching. Any enterprise or solution developer can access the Zowe 1.0 source code or convenience build and incorporate it into their products or services...
Why developers run away from security updates
Monday, April 16, 2018 by Richard Harris
Veracode, Inc. has released new data that shines a light on the discrepancy between component security and hygiene. According to the research conducted with Vanson Bourne, only 52 percent of developers using commercial or open source components in their applications update those components when a new security vulnerability is announced. This highlights organizations’ la...
New software security guide from SAFECode publishes
Monday, April 2, 2018 by Richard Harris
The Software Assurance Forum for Excellence in Code (SAFECode) announced the publication of the Fundamental Practices for Secure Software Development: Essential Elements of a Secure Development Life Cycle Program (Third Edition).The guide was written by SAFECode members to help software developers, development organizations and technology users initiate or improve their...
DevSecOps is important and here is why
Friday, October 20, 2017 by Richard Harris
In the digital age, securing your development projects against malicious hackers can be quite the challenge. And when you take security and try to scale security to an enterprise, the challenge seems insurmountable. Evident by the frequent hacking incidents we see come through the news.Enter DevSecOps. DevSecOps is a methodology that interweaves the aspects of DevOps an...
Checkmarx opens beta support for Scala programming language
Wednesday, February 1, 2017 by Richard Harris
Checkmarx, an application security testing company, has announced open beta support of the Scala programming language. The new capability adds the ability to analyze and remediate security risks and vulnerabilities exposed in projects written using Scala code.The added capability not only allows the detection of vulnerabilities within Scala code, but also the ability to...
