The JRebel 2021.3.0 release adds support for Vaadin 20.0, Spring Boot 2.5, and Glassfish 6.1. Vaadin 20.0 supports Gradle as well as Spring Security helpers, and the latest Spring Boot versions allow JRebel users to freely update their applications to the latest technologies available. Also, the XRebel 2021.3.0 release adds support for … continue reading
The autonomous digital enterprise solution provider BMC announced several new innovations and integrations within the BMC Automated Mainframe Intelligence and BMC Compuware portfolios to harden mainframe security. The update provides automated detection and response capabilities, which allow weaknesses and malicious activity to be discovered before a compromise occurs. With the new integrations, developers now have … continue reading
The Scorecards project, an automated security tool that produces a “risk score” for open-source projects, just reached version 2 yesterday. The new version adds new security checks, scales up the number of projects being scored, and makes the data easily accessible for analysis. It was created last fall by the Google Open … continue reading
Hackers are always looking for new ways to compromise applications. As languages, tools and architectures evolve, so do application exploits. And the latest target is developers. Traditionally, software supply chain exploits, such as the Struts incident at Equifax, depended on an organization’s failure to patch a known vulnerability. More recently, supply chain attacks have taken … continue reading
GitHub launched a technical preview of GitHub Copilot, a new AI pair programmer that helps developers write better code. The tool draws context from the code that’s being worked on and suggests whole lines or entire functions, offering alternative ways to solve problems, write tests, and explore new APIs without having to search for … continue reading
The transition of employees to working from home created new vulnerabilities in systems designed for a centralized, in-office workforce and also resulted in a spike in cybercriminal activity. This is according to the new 2021 Network Security Report conducted by the cybersecurity and managed security services provider Trustwave, which is based on scans of millions … continue reading
Time to market is a key indicator today of business success, and anything that impedes a business’ ability to move fast needs to be addressed. While there have been a number of efforts to automate and integrate security into the application development process, it continues to be a hindrance to many organizations. Organizations are still … continue reading
Microsoft announced the first preview release of Visual Studio 2022, which the company aims to use to test and tune the scalability of the new 64-bit platform. The Visual Studio 2022 previews can be installed side-by-side with earlier versions of Visual Studio, which are available in all three editions (Community, Pro, and Enterprise), and are … continue reading
The new Davis Security Advisor automatically contextualizes and prioritizes application vulnerabilities to reduce enterprise risk by empowering DevSecOps teams to make more informed real-time decisions. Davis automatically monitors all software libraries in preproduction and production and removes false positives. It then aggregates vulnerability data and prioritizes remediation tactics. “Manual processes and piecemeal solutions that don’t … continue reading
Page-fetch is a new open-source tool created by the Detectify Security Research team that helps hunt for prototype pollution issues. One of the most common places for prototype pollution — the ability to inject properties into existing JavaScript language construct prototypes — is in processing the query string. Detectify’s solution can already find issues that … continue reading
Lightbend has announced the launch of Akka Serverless, a cloud-native development platform-as-a-service that enables the creation of cloud-native apps using any programming language and eliminates the need for databases in deploying business-critical apps. Akka has a simple, API-driven programming model that makes it easy for developers to define the data that they need so that … continue reading
Gremlin’s new Chaos Engineering Practitioner Certificate Program was designed to help software teams get started with chaos engineering. “No matter your title and background, Gremlin makes it easy for anybody interested in reliability to become a Chaos Engineering expert,” Tammy Butow, a principal SRE at Gremlin, wrote in a blog post. “This Gremlin Certificate Program … continue reading