Automated software security company Code Intelligence has recently discovered a Denial of Service (DoS) vulnerability (CVE-2023-20863) in the Spring Framework. This is the second DoS vulnerability that Code Intelligence has found in the Spring Frameworkover the past few weeks. The previous finding in Spring was CVE-2023-20861, which has a CVSS score of 5.3, while the … continue reading
The automated testing platform Code Intelligence recently announced that it has integrated its open-source JavaScript fuzz testing engine, Jazzer.js, into Jest, a unit testing framework for JavaScript. Jazzer.js is a free, coverage-guided, in-process fuzzer spanning the Node.js platform. It is currently available within JavaScript’s node package manager. With this, developers can use Jest for both … continue reading
The automated testing company, Code Intelligence, today announced that its open-source Command-Line Interface tool, CI Fuzz CLI, now enables Java developers to include fuzz testing in their current JUnit setup. With this, Java developers can locate functional bugs as well as security vulnerabilities at scale. According to the company, CI Fuzz CLI leverages genetic and … continue reading
Code search and navigation engine Sourcegraph went open-source this week alongside the introduction of new features aimed at welcoming community contribution. In the announcement, Sourcegraph CEO Quinn Slack said the move brings Sourcegraph more in line with the company’s “master plan.” This plan includes a dedication to: “Make basic code intelligence ubiquitous (for every language, … continue reading
This technique is the best way for companies to gain visibility into the state of their software quality and security … continue reading
