Security News

In this Help Net Security video, Greg Ellis, General Manager, Application Security, at Digital.ai, discusses how artificial intelligence is revolutionizing the way applications are developed and...

The research found that AppSec chaos reigns, with 78% of CISOs responding that today's AppSec attack surfaces are unmanageable and 90% of responders confirmed relationships between their security and development teams need to improve. 85% of CISOs acknowledge dev teams suffer from vulnerability noise and alert fatigue, which strains the relationship between security and dev teams.

The U.K. and U.S., along with international partners from 16 other countries, have released new guidelines for the development of secure artificial intelligence (AI) systems. "The approach...

While Dependabot exemplifies the advancements in automating software maintenance tasks, this incident also underscores the broader complexities and vulnerabilities inherent in CI/CD pipelines. These pipelines serve as vital conduits, linking the external world of software development tools and platforms with the internal processes of software creation and deployment.

Traditional on-premises and pro-code development teams have invested heavily in DevSecOps tooling, but many low-code development teams don't believe these tools are necessary. If your low-code team is resistant to DevSecOps tools, here are four early warning signs that you should be considering a tool to help manage your releases.

Organizations are optimistic about AI, but AI adoption requires attention to privacy and security, productivity, and training, according to GitLab. "According to the GitLab Global DevSecOps Report, only 25% of developers' time is spent on code generation, but the data shows AI can boost productivity and collaboration in nearly 60% of developers' day-to-day work. To realize AI's full potential, it needs to be embedded across the software development lifecycle, allowing everyone involved in delivering secure software, not just developers, to benefit from the efficiency boost."

LibreOffice is based on the source code of OpenOffice, a project that, according to LibreOffice marketing co-lead Italo Vignoli, was marked by questionable decisions around development and quality assurance. To address the mountain of inherited technical debt, the LibreOffice developers undertook a heavy source code cleanup and refactoring process, which lasted throughout the development of LibreOffice 3.x and 4.x. "This effort was coupled with the creation of an infrastructure to serve the developers, with the implementation of tools such as Gerrit for code review, Git for continuous integration, a battery of Tinderboxes, Bugzilla for quality assurance, OpenGrok for source code research, Weblate for localization, as well as testing for performance and crash analysis," he explained.

North Korean state-sponsored hackers have breached Russian missile maker NPO Mashinostroyeniya, according to SentinelLabs researchers. The researchers came across leaked email communication between NPO Mashinostroyeniya's IT staff that contained information about a possible cyber intrusion first detected in May 2022.

Seven US artificial intelligence giants - Amazon, Anthropic, Google, Inflection, Meta, Microsoft, and OpenAI - have publicly committed to "Help move toward safe, secure, and transparent development of AI technology." Test the security of their AI systems before launch Share knowledge about AI risk management best practices among themselves and with the government.

How to create Portainer teams for restricted development access Jack Wallen shows you how to create a team and add users in Portainer in a secure way. With Teams, you can create multiple teams, add users and then create containers with restricted access to only the teams who need to manage specific deployments.