With Twitter code in the wild, DevSecOps doubts surface

First, Twitter's source code was leaked. Then it open-sourced its ranking algorithm. Should we worry about the unintended consequences of “transparency”?

The 3CX breach was targeted — but the plan was broader

The compromise was limited to their app. But there's a bigger lesson: Supply chain security complacency comes with a cost.

Do you trust AI to find app sec holes while you sleep?

Purr-fect? Or cat-astrophe? Microsoft wants you to cat nap as its Security Copilot combats software security threats.

The Week in Security: LastPass shares disturbing breach details, CISA calls for software maker liability

Welcome to the latest edition of The Week in Security, which brings you the newest headlines from both the world and our team across the full stack of security: application security, cybersecurity, and beyond.

LastPass revelations: BIG lessons for DevSecOps teams

Why was an engineer allowed to access critical keys from a home computer? "DevOops."

Lessons from ChatGPT, Bing AI, Bard and Copilot: Chatty AI is just a toy

Beep, boop; hope, hype: Generative AI isn't ready for prime time. So don't play games with your software development

Leaky app gives researcher 'total, global control' over the Toyota supplier network

Researcher Eaton Zveare discloses massive back door in Toyota web app exploiting a JsonWebToken used for authentication

Lessons from Log4Shell: 4 key takeaways for DevSecOps teams

The Log4Shell vulnerability is considered to be one of the most significant software bugs in recent years, because of its severity, pervasiveness and long-lasting impact on organizations.

GitHub Copilot’s ML ‘Code Brushes’: Ready for a Bob Ross ‘happy little accident’?

Machine learning can be a cognitive crutch, causing code vulnerabilities. Use with extreme caution!

DraftKings fantasy? How YOU can prevent credential stuffing attacks

...

Ahoy! More insecure code washes ashore with AlphaCode

Alphabet’s DeepMind brings us AlphaCode — another AI code-generating parlor trick. And, just like its large language model cousins, it can spit out buggy code.

ChatGPT: Parlor trick or Stack Overflow replacement?

Conversational AI language model ChatGPT can write code. But is it any good?

Meta’s GDPR fine: Why your DevOps needs red teaming

Your support must scale: Don’t be like Meta, dev teams

A rash of small businesses on Facebook found their accounts locked after being hacked. And it’s impossible to contact Meta to get the problem fixed.

4 ways GitOps can help secure your software pipeline

GitOps can help control configuration drift and enable your infrastructure security to shift left, for starters. Here are four ways it can enable better software security.