Software Development | News, how-tos, features, reviews, and videos
It’s no surprise that demand for more secure software is rising, and these two approaches claim to outline the best way forward.
Misconfigured cybersecurity products can be gateways to a breach – this guide from the NSA and CISA identifies key weak spots in software configuration that can be corrected.
Bug bounty programs can be a big boon to software security and provide expanded vulnerability visibility, but they're not for all organizations and can come with risks.
Attackers exploited a script injection vulnerability via GitHub Actions to inject malicious code during the automated build process, poisoning the resulting packages of the popular Python library.
The Key Secure Future Initiative's November update includes compulsory MFA, device isolation, and secrets security.
Organizations that develop websites with Microsoft Power Pages can accidentally overprovision database privileges for authenticated or anonymous users, leading to the exposure of sensitive records, a researcher has found.
Introduced in 2021, the US government’s vulnerability disclosure policy platform has racked up 12,000 bug reports and saved the government millions in remediation costs.
A novel phishing campaign abuses DocuSign APIs to send fake invoices at scale.
These CISA guides can help ensure cyber teams everywhere are buying software that is secure and follows development practices that don’t lead to future calamity.
Threat actors could use these supply chain attacks to compromise applications, says Checkmarx.