Security News

Understandably, security teams are recalibrating and sorting out where more security investments are needed in the new year. The software development community is responding to these developments and recognizes that approaching security as an afterthought encourages attacks and their resulting damages.

If you were a user of either of those projects, and if you are inclined to accept any and all updates to your source code automatically without any sort of code review or testing. We've written about security holes suddenly showing up in numerous coding communities, including PHP programmers, Pythonistas, Ruby users, and NPM fans.

"The findings confirm our belief that security teams must make improving their relationship with developers a major priority in 2022," said Harshil Parikh, CEO of Tromzo. "They can do this by making security easy for developers. This means integrating security checks into the SDLC and transitioning from security gates to security guardrails so security can become a first-class citizen once and for all."

The humble PC continues to bring home the bacon for Dell, with shipments to corporate customers going through the roof, in spite of previous worries about shortages and price hikes. Things are less rosy at HP, which has been caught out by the recent collapse in Chromebook orders.

While mostly hidden in private conversations, details sometimes emerge about the parallel economy of vulnerability exploits on underground forums, revealing just how fat of a wallet some threat actors have. If it takes too long, developers may lose the chance to make big money because competitors may come up with an exploit variant, dragging down the price.

What excites a security professional is not exciting for developers because, at the end of the day, a developer needs to build, not to break. While it can be fun to find and exploit a security vulnerability, this should not be the goal of secure coding training.

The US Department of Justice claims it's arrested a member of a gang that deployed the Trickbot ransomware. A heavily-redacted indictment names Vladimir Dunaev as a developer of the malware, and alleges he was "a Malware Developer for the Trickbot Group, overseeing the creation of internet browser injection, machine identification, and data harvesting codes used by the Trickbot malware".

Rapyd published a report conducted by 451 Research, to assess the market dynamics of fintech developers around the world. Key findings in the report include a growing demand for fintech developers to create payment applications and building in-house tools as well as general job dissatisfaction.

AppSec teams were disliked by most developers because they would often send completed applications back into development to apply security patches or to rewrite code to remediate vulnerabilities. The companies of today want the security offered by DevSecOps sadly, have been slow to reward developers who answer that call.

The SOS program, run by the Linux Foundation, will reward developers with potentially more than $10,000 for enhancing the security of critical open source software. As part of Google's recently announced $10 billion commitment to cybersecurity defense, the company announced Friday the sponsorship for the Secure Open Source Rewards pilot program run by the Linux Foundation.