AI coding helpers get FAILing grade
Purdue researchers expose generative AI tools like Copilot's frequent errors when asked basic development questions.
Dev & DevSecOps
AI coding helpers get FAILing grade
Listen up, devs: AI trained to overhear passwords
Deep learning model knows what keys you press — “with 95% accuracy.” The password's days are numbered.
FraudGPT / WormGPT: Scammy for now — but a worrying signpost for software security
Your app sec team should factor in more capable malicious AI tools, coming soon.
No net for some, no root for devs — Google pilot walls off staff internet, access for ‘safety’
It’s an optional trial program (for now). How would your devs cope?
Safe programming languages: A solid first step for application security
Safe programming languages and packages can dramatically reduce vulnerabilities in your systems and applications. Here's my rundown on the safest bets for secure coding.
Here’s MITRE’s top-25 CWE list — with your old vulnerability category favorites
C’mon, dev teams — it's about time to get serious about memory safety, XSS and SQLi.
Hackers breached UPS data for SMS phish spree
It’s a dog-eat-dog world ... Bug allows bad actor to manipulate URLs and extract data. Note to devs: Avoid consecutive object references and add entropy.
‘Extinction risk’: Could code-writing AI wipe out humans via software backdoors?
Experts warn ChatGPT-based coding could do to us what an asteroid did to the dinosaurs. Hype — or heads-up to reckon with?
EU cyber laws ‘will’ make FOSS devs liable
The Python Software Foundation is very, very unhappy with the draft Cyber Resilience Act (CRA) and Product Liability Act (PLA).
OSC&R embraces GitHub: Will it move the needle on supply chain security?
Here's what the Open Software Supply Chain Attack Reference (OSC&R) framework move means in the short run — and long term.
Has public USB ‘juice jacking’ made it into the wild?
Déjà vu, but carry protection, dev teams traveling with credentials: Public-USB hacks could finally have gone rogue, per the FBI.
With Twitter code in the wild, DevSecOps doubts surface
First, Twitter's source code was leaked. Then it open-sourced its ranking algorithm. Should we worry about the unintended consequences of “transparency”?
The 3CX breach was targeted — but the plan was broader
The compromise was limited to their app. But there's a bigger lesson: Supply chain security complacency comes with a cost.
Do you trust AI to find app sec holes while you sleep?
Purr-fect? Or cat-astrophe? Microsoft wants you to cat nap as its Security Copilot combats software security threats.
The Week in Security: LastPass shares disturbing breach details, CISA calls for software maker liability
Welcome to the latest edition of The Week in Security, which brings you the newest headlines from both the world and our team across the full stack of security: application security, cybersecurity, and beyond.