devsecops
By Paul Krill Java services are the most-impacted by third-party vulnerabilities, according to the “State of DevSecOps 2024” report just released by cloud security provider Datadog. Released on April 17, the report found that 90% of Java services were susceptible to one or more critical or high-severity vulnerabilities introduced by a third-party library. The average for other languages was 47%. Datadog’s report analyzed tens of thousands of applications and container images and thousands of cloud environments to assess application security. Following Java in the vulnerabilities assessment wer...
Info World
By Paul Krill As of the first quarter of 2024, 83% of developers were involved in devops-related activities such as performance monitoring, security testing, or CI/CD, according to the State of CI/CD Report 2024, published by the Continuous Delivery (CD) Foundation, a part of the Linux Foundation. Released April 16, the State of CI/CD Report 2024 is downloadable from the CD Foundation, authored by developer researcher SlashData, and sponsored by CloudBees, provider of a DevSecOps platform. The report also found that less-experienced developers adopt fewer devops practices and technologies, whi...
Info World
By Paul Krill Synopsys has introduced Black Duck Supply Chain Edition, a software composition analysis (SCA) package that helps organizations mitigate upstream risk in software supply chains, including from AI code. Announced April 9, Black Duck Supply Chain Edition is intended to address a rise in software supply chain attacks targeting vulnerable or maliciously altered open source and third-party components. Due April 25, the product combines open source detection technologies, automated third-party software bill of materials (SBOM) analysis, and malware detection to give a view of software ...
Info World
By Paul Krill The key benefits of platform engineering are increased developer productivity, better quality of software, reduced lead time for deployment, and more stable applications, according to Puppet by Perforce’s 2024 State of Devops Report: The Evolution of Platform Engineering. The report is based on a survey of 474 participants who work with a platform engineering team at their organizations. The survey was conducted in the summer of 2023. Other benefits cited include cost savings, reduced time for product development, reduced errors, and reduced risk of security breaches. “Security h...
Info World
By Paul Krill GitHub is previewing code scanning autofix, a feature that combines its GitHub Copilot AI assistant with its CodeQL code scanner to provide suggested fixes to discovered vulnerabilities. Code scanning autofix is available in a public beta to GitHub Advanced Security customers. Launched March 20, code scanning autofix makes vulnerability fixes available right away as a developer is coding, GitHub said. GitHub Copilot AI is used to provide a code suggestion and explanation directly in the pull request. Code scanning autofix covers more than 90% of alert types in JavaScript, TypeScr...
Info World
By Paul Krill In JFrog’s just-released Software Supply Chain State of the Union 2024 report, the software supply chain platform provider found extensive use of AI and machine learning tools for security. However, only one in three software developers the company surveyed use generative AI to write code. While 90% of survey respondents indicate their organizations currently use AI/ML-powered tools in some capacity to assist in security scanning and remediation, only about one in three professionals, 32%, said their organizations use AI/ML-powered tools to write code. This indicates the majority...
Info World
By Roee Alfasi The internet of things (IoT) has transformed the way we interact with the world, connecting a myriad of devices to the internet, from smart thermostats in our homes to industrial sensors in manufacturing plants. A significant portion of these IoT devices relies on the Linux operating system due to its flexibility, robustness, and open-source nature. Deploying software to Linux-based devices, at scale, is a complex and critical process that requires planning, well-thought-out processes, and adherence to best practices to ensure the stability, security, and manageability of the Io...
Info World
By Dan Lorenc Frank Crane wasn’t talking about open source when he famously said, “You may be deceived if you trust too much, but you will live in torment if you don’t trust enough.” But that’s a great way to summarize today’s gap between how open source is actually being consumed, versus the zero trust patterns that enterprises are trying to codify into their DevSecOps practices. Every study I see suggests that between 90% and 98% of the world’s software is open source. We’re all taking code written by other people—standing on the shoulders of giants—and building and modifying all that code, ...
Info World
By Vishal Ghariwala Last year’s MOVEit and 3CX vulnerabilities offered a stark reminder of the risk software supply chain attacks pose today. Threat actors exploit vulnerabilities to infiltrate a software provider’s network and modify the software’s original functionality with malicious code. Once the infected software is passed on to customers, typically through software updates or application installers, the breach opens the door to unauthorized tasks, such as exfiltrating sensitive information or hijacking data. We are in the midst of a rapid surge in software supply chain attacks. Sonatype...
Info World