For years, software security focused on the final product: the code that ships. Today, attackers are increasingly targeting the systems that build the software itself. The shift is logical. Breaching a single app yields limited returns, whereas compromising the infrastructure that builds thousands of apps can quietly scale impact across an organization. As application security … continue reading
As AI coding assistants churn out ever greater amounts of code, the first – and arguably most painful – bottleneck that software teams face is code review. A company called Augment Code, which has developed an AI code assistant, yesterday announced a Code Review Agent to relieve that pressure and improve flow in the development … continue reading
Talk to any DevOps vendor today, and they’ll proudly tell you about their AI roadmap. Most vendors have already built something that will tick the checkbox, if that’s among your requirements. But checkboxes don’t solve problems. A feature that’s hard to use or adds extra manual steps to a developer’s processes doesn’t save you anything … continue reading
Generative AI is transforming software development at an unprecedented pace. From code generation to test automation, the promise of faster delivery and reduced costs has captivated organizations. However, this rapid integration introduces new complexities. Reports increasingly show that while task-level productivity may improve, systemic performance often suffers. This article synthesizes perspectives from cognitive science, software … continue reading
Think your organization is too small to be a target for threat actors? Think again. In 2025, attackers no longer distinguish between size or sector. Whether you’re a flashy tech giant, a mid-sized auto dealership software provider, or a small startup, if you store data, someone is trying to access it. As security measures around … continue reading
The concept of “shift left” is fundamentally sound. Integrating security earlier into the software development life cycle (SDLC) seems like the obvious move. Instead of leaving security as an afterthought, why not address it before it becomes a problem? It sounds ideal: Faster remediation, fewer vulnerabilities slipping through the cracks, and developers becoming security heroes. … continue reading
The National Institute of Standards and Technology (NIST) published a new draft document that outlines strategies for integrating software supply chain security measures into CI/CD pipelines. Cloud-native applications typically use a microservices architecture with a centralized infrastructure like a service mesh. These applications are often developed using DevSecOps, which uses CI/CD pipelines to guide software … continue reading
Recent large-scale attacks on enterprise and infrastructure security have led the federal government and private businesses to rethink the way they manage security. Last month’s ransomware attack on the Colonial Pipeline shut down the main part of its network for five days, affecting fuel supplies across the United States. Additionally, an attack on SolarWinds infrastructure … continue reading
As organizations look towards DevSecOps as a way to infuse security throughout the software development life cycle while at the same time accelerating releases, more sides of the business have their hands on deck regarding security. However, it’s still the security side that’s on the hook when a major breach happens. “People like to say … continue reading
AWS is enabling teams to address application weaknesses with the introduction of the AWS Fault Injection Simulator at its virtual AWS re:Invent 2020 conference this week. The simulator is a chaos engineering tool expected to be generally available in 2021. According to the company, the new offering will come packed with pre-built templates for creating … continue reading
Fastly entered into a definitive agreement to acquire Signal Sciences for approximately $775 million in cash and stock. The acquisition will expand Fastly’s security portfolio through developer-first web applications and API protection solutions, according to the company. “Fastly was founded to meet developers’ need for greater visibility and control. Now, as the digital transformation movement … continue reading
Security has become enough of a drumbeat issue that its importance has trickled down from the CISOs through the security organization to software developers. And slowly but surely, developers are beginning to take ownership of security as a part of the development life cycle. But this heightened awareness of security hasn’t necessarily led to better … continue reading