Software quality's decline: How AI accelerates it
Development is in freefall toward software entropy and insecurity. Can spec-driven development help?
Dev & DevSecOps
Software quality's decline: How AI accelerates it
The call for funding of open-source platforms
Funding of the OSS ecosystem has reached a crisis as threat actors increasingly target weaknesses in infrastructure.
How AI coding can learn to do secure software
If you train ML models, they can learn to write more secure code. But the quality of the training data is only as good as your AppSec tooling.
How DPE boost development — and AppSec
Developer Productivity Engineering provides a framework to boost code production and creativity — and can help to improve application security.
AI coding tools revive old-school hacks
Researchers at Black Hat discussed how these tools can leave development teams vulnerable to hacks like remote-code execution.
Move over, DevSecOps — DevEx is king
Leading firms are using DevEx to achieve application security gains at speed. Here's how it works — and how to get started.
5 reasons you need an SaaSBOM
Here's why your organization should consider using SaaSBOMs, key challenges — and how to put CycloneDX's xBOM standard into action.
The state of DevSecOps: Why upgrading your AppSec tooling is essential
Here's what's holding DevSecOps back — and why modernizing your application security tooling is critical in the software supply chain security era.
CI/CD pipelines and the cloud: Are your development secrets at risk?
Combined with cloud service providers' CLIs, continuous delivery/continuous integration can pose a threat. Here's why — and how to keep a lid on your secrets.
Memory-safe languages and security by design: Key insights, lessons learned
Memory safety is one of the most stubborn and dangerous software weaknesses. Here are key insights and takeaways from a new Google report on the issue.
Secure your AI development tools: 4 key questions to ask
When using AI tools including GitHub Copilot, your security team must be aware of — and protect against — certain risks. Here are the top considerations.
8 CI/CD security best practices: Protect your software pipeline
Don't neutralize CI/CD business gains by failing to account for risk. Here are best practices to ensure that your software development pipeline is secure.
Rust on Android goes bare metal: 3 key security benefits
Extending the language's bare-metal use from Linux will make Android a trusted platform — and have a broader impact on the Rust development community.
The state of OSS security: Changes in attack methods, policy
What’s to come for the security of open source software? ConversingLabs caught up with Mikaël Barbero of the Eclipse Foundation to answer that question. Watch (or listen) and learn.
SANS DevSecOps report: 5 key takeaways
"Shift left" is giving way to up-front software risk assessments, and companies are increasingly tapping external support for third-party compliance. Learn more from application security peers.