
AI coding helpers get FAILing grade
Purdue researchers expose generative AI tools like Copilot's frequent errors when asked basic development questions.
Listen up, devs: AI trained to overhear passwords
Deep learning model knows what keys you press — “with 95% accuracy.” The password's days are numbered.

FraudGPT / WormGPT: Scammy for now — but a worrying signpost for software security
Your app sec team should factor in more capable malicious AI tools, coming soon.

No net for some, no root for devs — Google pilot walls off staff internet, access for ‘safety’
It’s an optional trial program (for now). How would your devs cope?

Safe programming languages: A solid first step for application security
Safe programming languages and packages can dramatically reduce vulnerabilities in your systems and applications. Here's my rundown on the safest bets for secure coding.

Here’s MITRE’s top-25 CWE list — with your old vulnerability category favorites
C’mon, dev teams — it's about time to get serious about memory safety, XSS and SQLi.

Hackers breached UPS data for SMS phish spree
It’s a dog-eat-dog world ... Bug allows bad actor to manipulate URLs and extract data. Note to devs: Avoid consecutive object references and add entropy.

‘Extinction risk’: Could code-writing AI wipe out humans via software backdoors?
Experts warn ChatGPT-based coding could do to us what an asteroid did to the dinosaurs. Hype — or heads-up to reckon with?

EU cyber laws ‘will’ make FOSS devs liable
The Python Software Foundation is very, very unhappy with the draft Cyber Resilience Act (CRA) and Product Liability Act (PLA).

OSC&R embraces GitHub: Will it move the needle on supply chain security?
Here's what the Open Software Supply Chain Attack Reference (OSC&R) framework move means in the short run — and long term.

Has public USB ‘juice jacking’ made it into the wild?
Déjà vu, but carry protection, dev teams traveling with credentials: Public-USB hacks could finally have gone rogue, per the FBI.

With Twitter code in the wild, DevSecOps doubts surface
First, Twitter's source code was leaked. Then it open-sourced its ranking algorithm. Should we worry about the unintended consequences of “transparency”?

The 3CX breach was targeted — but the plan was broader
The compromise was limited to their app. But there's a bigger lesson: Supply chain security complacency comes with a cost.

Do you trust AI to find app sec holes while you sleep?
Purr-fect? Or cat-astrophe? Microsoft wants you to cat nap as its Security Copilot combats software security threats.

The Week in Security: LastPass shares disturbing breach details, CISA calls for software maker liability
Welcome to the latest edition of The Week in Security, which brings you the newest headlines from both the world and our team across the full stack of security: application security, cybersecurity, and beyond.