Topic: vulnerabilities

GitHub’s Copilot Autofix generates remediation fixes for code vulnerabilities

GitHub is rolling out a new feature to not only help developers find vulnerabilities, but fix them quickly.  Copilot Autofix in GitHub Advanced Security (GHAS) analyzes vulnerabilities, explains their importance, and offers suggestions on how to remediate them.  “For developers who aren’t necessarily security experts, Copilot Autofix is like having the expertise of your security … continue reading

Report: Java is the language that’s most prone to third-party vulnerabilities

According to Datadog’s State of DevSecOps 2024 report, 90% of Java services have at least one critical or higher severity vulnerability. This is compared to around 75% for JavaScript services, 64% for Python, and 50% for .NET. The average for all languages studied was 47%. The company found that Java services are also … continue reading

How clean code can help prevent headline-grabbing vulnerabilities

While errors and bugs in coding technology may not always be harmful, many of them can be exploited by bad actors and result in vulnerabilities. Bad actors can leverage vulnerabilities to get the software to act in unexpected ways, potentially impacting the performance and security of the software. This could also give untrustworthy agents access to … continue reading

Veracode launches scanning tool to find API vulnerabilities

Veracode launched an advanced scanning tool that enables organizations to find and fix vulnerabilities in APIs.  The new capability leverages Veracode’s Dynamic Analysis (DAST) scanning engine to provide comprehensive security insights and remediation guidance for APIs. “The explosion of APIs means that application development is becoming more fragmented and decentralized in nature, so the attack … continue reading


How hackers poison your code

Hackers are always looking for new ways to compromise applications. As languages, tools and architectures evolve, so do application exploits. And the latest target is developers. Traditionally, software supply chain exploits, such as the Struts incident at Equifax, depended on an organization’s failure to patch a known vulnerability. More recently, supply chain attacks have taken … continue reading

Android Partner Vulnerability Initiative launched to help manage security issues

The Android Security and Privacy Initiative (APVI) was launched to help developers manage security issues specific to Android OEMs.  “The APVI is designed to drive remediation and provide transparency to users about issues we have discovered at Google that affect device models shipped by Android partners,” the Android team wrote in a blog post. The … continue reading

HackerOne: The top 10 security vulnerabilities

Companies are paying the highest amount of bounties to fix cross-site scripting (XSS), improper authentication and information disclosure vulnerabilities. Meanwhile, some cloud-based vulnerabilities such as server-side request forgery (SSRF), in which an attacker can abuse functionality on the server to read or update internal resources, are seeing an uptick in bounties. This is according to … continue reading

CA Technologies acquires SourceClear for its DevSecOps portfolio

CA Technologies announced its acquisition of software composition analysis specialists SourceClear early this week with aims to incorporate SourceClear’s SaaS-based SCA tool and proprietary vulnerability database with their Veracode cloud platform. “We are excited about what this acquisition means for our customers in terms of increased support for SCA in DevSecOps environments and the ability … continue reading

SD Times news digest: Netflix bug bounty program, InfluxData’s Apache Arrow support, and GitHub’s security alerts

Netflix is launching a public bug bounty program in order to improve the security of their solutions as well as strengthen their relationship with the security community. The program will be available through Bugcrowd. “Netflix’s goal is to deliver joy to our 117+ million members around the world, and it’s the security team’s job to … continue reading

Synopsys acquires Black Duck Software

Synopsys officially announced the acquisition of Black Duck Software this week. The companies first entered into an agreement that would enable Synopsys to acquire Black Duck early last month. According to Synopsys, the acquisition of Black Duck will help provide its customers with visibility into open source software. Black Duck provides automated solutions that detect … continue reading

Report: The top 8 emerging technology domains, and their threats

With great technology comes great risk. As new technology continues to emerge in this digital day and age, Carnegie Mellon University’s Software Engineering Institute (SEI) is taking a deeper look at the impact it will have. The institute has released its 2017 Emerging Technology Domains Risk report detailing future threats and vulnerabilities. “To support the … continue reading

Researchers: SAP Point-of-Sale systems vulnerable to attack

There are many ways hackers can exploit vulnerabilities to get the information they want. Flaws in Point-of-Sale (PoS) systems are on this list, and ERPScan researchers recently found that PoS software distributed by German vendor SAP is missing crucial checks that leave it vulnerable to unauthorized access and modification. A video demonstration by the research team shows a … continue reading
