AI coding helpers get FAILing grade
Purdue researchers expose generative AI tools like Copilot's frequent errors when asked basic development questions.
Read More about AI coding helpers get FAILing gradeDev & DevSecOps
AI coding helpers get FAILing grade
Listen up, devs: AI trained to overhear passwords
Deep learning model knows what keys you press — “with 95% accuracy.” The password's days are numbered.
Read More about Listen up, devs: AI trained to overhear passwords
FraudGPT / WormGPT: Scammy for now — but a worrying signpost for software security
Your app sec team should factor in more capable malicious AI tools, coming soon.
Read More about FraudGPT / WormGPT: Scammy for now — but a worrying signpost for software security
No net for some, no root for devs — Google pilot walls off staff internet, access for ‘safety’
It’s an optional trial program (for now). How would your devs cope?
Read More about No net for some, no root for devs — Google pilot walls off staff internet, access for ‘safety’
Safe programming languages: A solid first step for application security
Safe programming languages and packages can dramatically reduce vulnerabilities in your systems and applications. Here's my rundown on the safest bets for secure coding.
Read More about Safe programming languages: A solid first step for application security
Here’s MITRE’s top-25 CWE list — with your old vulnerability category favorites
C’mon, dev teams — it's about time to get serious about memory safety, XSS and SQLi.
Read More about Here’s MITRE’s top-25 CWE list — with your old vulnerability category favorites
Hackers breached UPS data for SMS phish spree
It’s a dog-eat-dog world ... Bug allows bad actor to manipulate URLs and extract data. Note to devs: Avoid consecutive object references and add entropy.
Read More about Hackers breached UPS data for SMS phish spree
‘Extinction risk’: Could code-writing AI wipe out humans via software backdoors?
Experts warn ChatGPT-based coding could do to us what an asteroid did to the dinosaurs. Hype — or heads-up to reckon with?
Read More about ‘Extinction risk’: Could code-writing AI wipe out humans via software backdoors?
EU cyber laws ‘will’ make FOSS devs liable
The Python Software Foundation is very, very unhappy with the draft Cyber Resilience Act (CRA) and Product Liability Act (PLA).
Read More about EU cyber laws ‘will’ make FOSS devs liable
OSC&R embraces GitHub: Will it move the needle on supply chain security?
Here's what the Open Software Supply Chain Attack Reference (OSC&R) framework move means in the short run — and long term.
Read More about OSC&R embraces GitHub: Will it move the needle on supply chain security?
Has public USB ‘juice jacking’ made it into the wild?
Déjà vu, but carry protection, dev teams traveling with credentials: Public-USB hacks could finally have gone rogue, per the FBI.
Read More about Has public USB ‘juice jacking’ made it into the wild?
With Twitter code in the wild, DevSecOps doubts surface
First, Twitter's source code was leaked. Then it open-sourced its ranking algorithm. Should we worry about the unintended consequences of “transparency”?
Read More about With Twitter code in the wild, DevSecOps doubts surface
The 3CX breach was targeted — but the plan was broader
The compromise was limited to their app. But there's a bigger lesson: Supply chain security complacency comes with a cost.
Read More about The 3CX breach was targeted — but the plan was broader
Do you trust AI to find app sec holes while you sleep?
Purr-fect? Or cat-astrophe? Microsoft wants you to cat nap as its Security Copilot combats software security threats.
Read More about Do you trust AI to find app sec holes while you sleep?
The Week in Security: LastPass shares disturbing breach details, CISA calls for software maker liability
Welcome to the latest edition of The Week in Security, which brings you the newest headlines from both the world and our team across the full stack of security: application security, cybersecurity, and beyond.
Read More about The Week in Security: LastPass shares disturbing breach details, CISA calls for software maker liability