Security News
Pentest as a Service allows organizations of all sizes to manage an efficient pentest program with on-demand access to expert security talent and a modern SaaS delivery platform. With integrations into security and development tools and real-time collaboration with pentesters, PtaaS enables modern DevSecOps teams to secure their code faster.
Although many community members praised the move, the developer of a popular Python project decided to delete his code from PyPI and republish it to invalidate the "Critical" status assigned to his project. We've begun rolling out a 2FA requirement: soon, maintainers of critical projects must have 2FA enabled to publish, update, or modify them.
If developers don't adopt the new language version, they're excluded from the new feature set. That's the conundrum: to adopt the new, more advanced version of a language, developers need to refactor, and along the way they'll spend a huge amount of effort - and break all sorts of unexpected things, introducing new bugs into an application that was running just fine.
Featuring nine full-length video courses, The 2022 Complete Raspberry Pi & Arduino Developer Bundle provides a really good introduction to this world. Special Offer - For a limited time, you can get lifetime access to nine courses on Arduino and Raspberry Pi development for just $39.99.
Perforce Software released the results of its annual State of Automotive Software Development survey conducted in partnership with Automotive IQ. Close to 600 automotive development professionals across the globe provided responses to current practices and emerging trends within the industry. Key findings suggest a growing concern for automotive software security, while the automotive vehicle market continues to rapidly evolve.
GitHub announced today that all users who contribute code on its platform will be required to enable two-factor authentication on their accounts by the end of 2023. Active contributors who will have to enable 2FA include but are not limited to GitHub users who commit code, use Actions, open or merge pull requests, or publish packages.
Google has officially released the first developer preview for the Privacy Sandbox on Android 13, offering an "early look" at the SDK Runtime and Topics API to boost users' privacy online. "The Privacy Sandbox on Android Developer Preview program will run over the course of 2022, with a beta release planned by the end of the year," the search giant said in an overview.
Today we're seeing another massive security challenge ahead for developers, where nothing is easy or automatic: software supply-chain security. Lorenc met Chainguard co-founder Kim Lewandowski at Google, and they have both been approaching the software supply chain security problem through a series of open source projects that they co-created and co-maintain.
A U.S. court has sentenced former Ethereum developer Virgil Griffith to five years and three months in prison and to pay a $100,000 fine for conspiring with North Korea to help use cryptocurrencies to circumvent sanctions imposed on the country. "There is no question North Korea poses a national security threat to our nation, and the regime has shown time and again it will stop at nothing to ignore our laws for its own benefit," U.S. Attorney Damian Williams said in a statement.
While many developers acknowledge the importance of applying a security-led approach in the software development lifecycle, 86% do not view application security as a top priority when writing code. This is primarily due to time constraints to meet deadlines, or to developers not having enough training or guidance from their managers on how to implement secure coding.