Security News

The U.K. and U.S., along with international partners from 16 other countries, have released new guidelines for the development of secure artificial intelligence (AI) systems. "The approach...

While Dependabot exemplifies the advancements in automating software maintenance tasks, this incident also underscores the broader complexities and vulnerabilities inherent in CI/CD pipelines. These pipelines serve as vital conduits, linking the external world of software development tools and platforms with the internal processes of software creation and deployment.

Traditional on-premises and pro-code development teams have invested heavily in DevSecOps tooling, but many low-code development teams don't believe these tools are necessary. If your low-code team is resistant to DevSecOps tools, here are four early warning signs that you should be considering a tool to help manage your releases.

Organizations are optimistic about AI, but AI adoption requires attention to privacy and security, productivity, and training, according to GitLab. "According to the GitLab Global DevSecOps Report, only 25% of developers' time is spent on code generation, but the data shows AI can boost productivity and collaboration in nearly 60% of developers' day-to-day work. To realize AI's full potential, it needs to be embedded across the software development lifecycle, allowing everyone involved in delivering secure software, not just developers, to benefit from the efficiency boost."

LibreOffice is based on the source code of OpenOffice, a project that, according to LibreOffice marketing co-lead Italo Vignoli, was marked by questionable decisions around development and quality assurance. To address the mountain of inherited technical debt, the LibreOffice developers undertook a heavy source code cleanup and refactoring process, which lasted throughout the development of LibreOffice 3.x and 4.x. "This effort was coupled with the creation of an infrastructure to serve the developers, with the implementation of tools such as Gerrit for code review, Git for continuous integration, a battery of Tinderboxes, Bugzilla for quality assurance, OpenGrok for source code research, Weblate for localization, as well as testing for performance and crash analysis," he explained.

North Korean state-sponsored hackers have breached Russian missile maker NPO Mashinostroyeniya, according to SentinelLabs researchers. The researchers came across leaked email communication between NPO Mashinostroyeniya's IT staff that contained information about a possible cyber intrusion first detected in May 2022.

Seven US artificial intelligence giants - Amazon, Anthropic, Google, Inflection, Meta, Microsoft, and OpenAI - have publicly committed to "Help move toward safe, secure, and transparent development of AI technology." Test the security of their AI systems before launch Share knowledge about AI risk management best practices among themselves and with the government.

How to create Portainer teams for restricted development access Jack Wallen shows you how to create a team and add users in Portainer in a secure way. With Teams, you can create multiple teams, add users and then create containers with restricted access to only the teams who need to manage specific deployments.

A fork bomb is a form of denial-of-service attack that uses the fork operation, which is executed recursively and can consume all system resources. How do you prevent this from happening? You lower the number of processes allowed on your Linux server.

Though 65% of tech team leaders have been asked to cut costs, 72% still plan to increase their investment in tech skill development in 2023. 67% of tech managers reported that workforce reductions in their organization across software, IT, and data have resulted in their teams taking on more responsibility, while 47% of technologists agree they have had to perform additional responsibilities outside of their primary job function.