Security News
Developers do not view application security as a top priority, study finds. According to Secure Code Warrior's State of Developer-Driven Security 2022 survey, 86% of developers said they do not view application security as a top priority when writing code.
Developers remediate only 32% of vulnerabilities and 42% of them regularly push vulnerable code, a Tromzo report reveals. This is due to the high volume of false-positive alerts and their not...
A Tromzo report reveals developers remediate only 32% of vulnerabilities and regularly push vulnerable code. "These findings show that developers regularly ignore security issues, but can we really blame them?" said Tromzo CTO Harshit Chitalia.
A new large-scale supply chain attack has been observed targeting Azure developers with no less than 218 malicious NPM packages with the goal of stealing personally identifiable information. The entire set of malicious packages was disclosed to the NPM maintainers roughly two days after they were published, leading to their quick removal, but not before each of the packages was downloaded around 50 times on average.
A group of more than 200 malicious npm packages targeting developers who use Microsoft Azure has been removed two days after they were made available to the public. This group of packages grew from about 50 to at least 200 by March 21.
Researchers have found hundreds of malicious packages in the npm repository of open-source JavaScript code, designed to steal personally identifiable information in a large-scale typosquatting attack against Microsoft Azure cloud users. That's according to the JFrog Security Research team, which said that the set of packages appeared earlier this week and steadily grew since then, from about 50 packages to more than 200.
A developer has been caught adding malicious code to a popular open-source package that wiped files on computers located in Russia and Belarus as part of a protest that has enraged many users and raised concerns about the safety of free and open-source software. It constantly surprises non-computer people how much critical software is dependent on the whims of random programmers who inconsistently maintain software libraries.
Cequence Security released a report revealing that both developers and attackers have made the shift to APIs. After analyzing some of the most interesting bot attacks throughout 2021, it's clear that attackers have come to love APIs just as much as developers.
With so many security and developer teams doing post-mortems on the Log4j security vulnerability fiasco that unfolded in late 2021, just 10 days before Christmas, the main question is: how do we avoid this type of pain in the future? The answer is: it's complicated. On the upside, the pain of that experience has triggered a major software supply-chain security rethink from developers and security teams.
Open banking APIs handle everything from account status to fund transfers to PIN changes and account services. On top of open banking driving API utilization, APIs have become a de facto standard in modern application development, with organizations often deploying thousands of APIs for a wide variety of purposes.