Rust on Android goes bare metal: 3 key security benefits
Extending the language's bare-metal use from Linux will make Android a trusted platform — and have a broader impact on the Rust development community.
Dev & DevSecOps
Rust on Android goes bare metal: 3 key security benefits
The state of OSS security: Changes in attack methods, policy
What’s to come for the security of open source software? ConversingLabs caught up with Mikaël Barbero of the Eclipse Foundation to answer that question. Watch (or listen) and learn.
SANS DevSecOps report: 5 key takeaways
"Shift left" is giving way to up-front software risk assessments, and companies are increasingly tapping external support for third-party compliance. Learn more from application security peers.
20 application security pros you should follow
These leading app sec experts provide a steady flow of security knowledge to keep you up to speed.
AI coding helpers get FAILing grade
Purdue researchers expose generative AI tools like Copilot's frequent errors when asked basic development questions.
Listen up, devs: AI trained to overhear passwords
Deep learning model knows what keys you press — “with 95% accuracy.” The password's days are numbered.
FraudGPT / WormGPT: Scammy for now — but a worrying signpost for software security
Your app sec team should factor in more capable malicious AI tools, coming soon.
No net for some, no root for devs — Google pilot walls off staff internet, access for ‘safety’
It’s an optional trial program (for now). How would your devs cope?
Safe programming languages: A solid first step for application security
Safe programming languages and packages can dramatically reduce vulnerabilities in your systems and applications. Here's my rundown on the safest bets for secure coding.
Here’s MITRE’s top-25 CWE list — with your old vulnerability category favorites
C’mon, dev teams — it's about time to get serious about memory safety, XSS and SQLi.
Hackers breached UPS data for SMS phish spree
It’s a dog-eat-dog world ... Bug allows bad actor to manipulate URLs and extract data. Note to devs: Avoid consecutive object references and add entropy.
‘Extinction risk’: Could code-writing AI wipe out humans via software backdoors?
Experts warn ChatGPT-based coding could do to us what an asteroid did to the dinosaurs. Hype — or heads-up to reckon with?
EU cyber laws ‘will’ make FOSS devs liable
The Python Software Foundation is very, very unhappy with the draft Cyber Resilience Act (CRA) and Product Liability Act (PLA).
OSC&R embraces GitHub: Will it move the needle on supply chain security?
Here's what the Open Software Supply Chain Attack Reference (OSC&R) framework move means in the short run — and long term.
Has public USB ‘juice jacking’ made it into the wild?
Déjà vu, but carry protection, dev teams traveling with credentials: Public-USB hacks could finally have gone rogue, per the FBI.