The concept of “shift left” is fundamentally sound. Integrating security earlier into the software development life cycle (SDLC) seems like the obvious move. Instead of leaving security as an afterthought, why not address it before it becomes a problem? It sounds ideal: Faster remediation, fewer vulnerabilities slipping through the cracks, and developers becoming security heroes. … continue reading
A majority of codebases contain outdated components, or “zombie code,” which can result in unpatched vulnerabilities lingering long after they should have been fixed. According to Synopsys’ Open Source Security and Risk Analysis report, which was released today, 91% of codebases contain components that are at least 10 versions out-of-date. Furthermore, 49% of codebases contain … continue reading
How developer-friendly is your organization’s security program? The answer is as important as ever in today’s digital economy. High-performing organizations empower developers with tools, training and resources to do high-quality work, with security top of mind. This results in the ability to build secure applications quickly that consistently meet expectations and mitigate risk. As we … continue reading
While errors and bugs in coding technology may not always be harmful, many of them can be exploited by bad actors and result in vulnerabilities. Bad actors can leverage vulnerabilities to get the software to act in unexpected ways, potentially impacting the performance and security of the software. This could also give untrustworthy agents access to … continue reading
Cadence is a fault-tolerant stateful code platform created by Uber that enables users to write stateful applications without worrying about handling the complexity of handling process failures. Workflows provide primitives to enable application developers to express complex business logic as code. It also provides asynchronous history event replication that can help users recover from zone … continue reading
Codebases are as diverse, unique and interesting as the people who work on them. But almost all of them have this in common: they grow over time (the codebases, not the people). Teams expand, requirements grow, and time, of course, marches on; and so we end up with more developers writing more code to do … continue reading
Instead of building all software “from scratch” today, developers use open source to their advantage when needing to provide common or repetitive elements. Doing so primarily limits the use of the homegrown code they develop for proprietary features and functionality, while also being the adhesive that binds everything together. Consequently, developers spend much of their … continue reading
Swimm, a developer onboarding and team collaboration tool provider, announced that it raised $5.7 million in seed funding and also launched its platform for sharing information about codebases. The round of funding was led by Pitango First alongside TAU Ventures, Axon Ventures, Fundfire, as well as angel investors that included the founder of Snyk. The … continue reading
Rollbar wants to shift developers’ focus to continuously improving code, instead of having to continuously fix it. The continuous code improvement platform provider announced two new features designed to reduce the time spent monitoring, investigating and debugging code. The new AI-assisted workflows are automated workflows that help development teams catch and address errors before they … continue reading
Despite efforts to make building and maintaining applications more maintainable, code is still growing in volume, variety, velocity and value. As a result, the trend Big Code has emerged and is expected to be just as disruptive to development teams as Big Data was to data teams. “Today’s massive codebases make it difficult for developers … continue reading
Want to quickly know how good a project manager is? Here is an old consultant’s trick: Ask a programmer on the team how much throwaway code he or she used during the last project. A good 80/20 rule is the more throwaway code used during development, the better the project manager. Throwaway code refers to … continue reading
The Free Software Foundation (FSF) announced plans to launch a public code hosting and collaboration platform (“forge“) this year. Members of the FSF tech team are currently reviewing ethical web-based software that will help teams work on their projects, with features like merge requests, bug tracking, and other common tools. “Infrastructure is very important for … continue reading
