Leaky app gives researcher 'total, global control' over the Toyota supplier network

Researcher Eaton Zveare discloses massive back door in Toyota web app exploiting a JsonWebToken used for authentication

Lessons from Log4Shell: 4 key takeaways for DevSecOps teams

The Log4Shell vulnerability is considered to be one of the most significant software bugs in recent years, because of its severity, pervasiveness and long-lasting impact on organizations.

GitHub Copilot’s ML ‘Code Brushes’: Ready for a Bob Ross ‘happy little accident’?

Machine learning can be a cognitive crutch, causing code vulnerabilities. Use with extreme caution!

DraftKings fantasy? How YOU can prevent credential stuffing attacks

...

Ahoy! More insecure code washes ashore with AlphaCode

Alphabet’s DeepMind brings us AlphaCode — another AI code-generating parlor trick. And, just like its large language model cousins, it can spit out buggy code.

ChatGPT: Parlor trick or Stack Overflow replacement?

Conversational AI language model ChatGPT can write code. But is it any good?

Meta’s GDPR fine: Why your DevOps needs red teaming

Your support must scale: Don’t be like Meta, dev teams

A rash of small businesses on Facebook found their accounts locked after being hacked. And it’s impossible to contact Meta to get the problem fixed.

4 ways GitOps can help secure your software pipeline

GitOps can help control configuration drift and enable your infrastructure security to shift left, for starters. Here are four ways it can enable better software security.

Track this: Apple, Google hit with BIG privacy law claims

Within the space of a few days, both Google and Apple have suffered huge legal challenges.

Dropbox reveals hack: What DevOps can learn from it

Dropbox was hacked last month. The company has now revealed more details — and there are some big surprises.

Reflection attacks: Don’t be part of the problem

Once again, Microsoft is under fire for shipping a service that can easily be misused for DDoS attacks.

OWASP at a crossroads: Founder Mark Curphey's call for relevance in the age of DevSecOps

After two decades of raising awareness about the big problems in application security, the Open Web Application Security Project (OWASP) stands at a crossroads.

Devs: Don’t rely on GitHub Copilot — legal risk gets real

GitHub’s Copilot ML code-completion engine is violating copyright wholesale. So say several high-profile open source advocates.

DevOps lesson from Toyota FAIL: Crash test secrets

Toyota stands accused of lax DevOps standards, as the company reveals it stored prod database credentials in a public GitHub repo. That’s bad enough, but it also took five years to detect and fix.