Your app sec team should factor in more capable malicious AI tools, coming soon.
Read More about FraudGPT / WormGPT: Scammy for now — but a worrying signpost for software security
It’s an optional trial program (for now). How would your devs cope?
Read More about No net for some, no root for devs — Google pilot walls off staff internet, access for ‘safety’
Safe programming languages and packages can dramatically reduce vulnerabilities in your systems and applications. Here's my rundown on the safest bets for secure coding.
Read More about Safe programming languages: A solid first step for application security
C’mon, dev teams — it's about time to get serious about memory safety, XSS and SQLi.
Read More about Here’s MITRE’s top-25 CWE list — with your old vulnerability category favorites
It’s a dog-eat-dog world ... Bug allows bad actor to manipulate URLs and extract data. Note to devs: Avoid consecutive object references and add entropy.
Read More about Hackers breached UPS data for SMS phish spree
Experts warn ChatGPT-based coding could do to us what an asteroid did to the dinosaurs. Hype — or heads-up to reckon with?
Read More about ‘Extinction risk’: Could code-writing AI wipe out humans via software backdoors?
The Python Software Foundation is very, very unhappy with the draft Cyber Resilience Act (CRA) and Product Liability Act (PLA).
Read More about EU cyber laws ‘will’ make FOSS devs liable
Here's what the Open Software Supply Chain Attack Reference (OSC&R) framework move means in the short run — and long term.
Read More about OSC&R embraces GitHub: Will it move the needle on supply chain security?
Déjà vu, but carry protection, dev teams traveling with credentials: Public-USB hacks could finally have gone rogue, per the FBI.
Read More about Has public USB ‘juice jacking’ made it into the wild?
First, Twitter's source code was leaked. Then it open-sourced its ranking algorithm. Should we worry about the unintended consequences of “transparency”?
Read More about With Twitter code in the wild, DevSecOps doubts surface
The compromise was limited to their app. But there's a bigger lesson: Supply chain security complacency comes with a cost.
Read More about The 3CX breach was targeted — but the plan was broader
Purr-fect? Or cat-astrophe? Microsoft wants you to cat nap as its Security Copilot combats software security threats.
Read More about Do you trust AI to find app sec holes while you sleep?
Welcome to the latest edition of The Week in Security, which brings you the newest headlines from both the world and our team across the full stack of security: application security, cybersecurity, and beyond.
Read More about The Week in Security: LastPass shares disturbing breach details, CISA calls for software maker liability
Why was an engineer allowed to access critical keys from a home computer? "DevOops."
Read More about LastPass revelations: BIG lessons for DevSecOps teams
Beep, boop; hope, hype: Generative AI isn't ready for prime time. So don't play games with your software development
Read More about Lessons from ChatGPT, Bing AI, Bard and Copilot: Chatty AI is just a toy