An analysis of 2.5 million GitHub Actions workflow files belonging to 553,000 organizations and personal users surfaces thousands of potential vulnerabilities.
Ensuring Application Security from Design to Operation with DevSecOps
Safe development is critical for any company that creates software, whether for its own use or for others. DevSecOps principles focus on automating information security processes and introducing security measures early in software development. DevSecOps is extremely important these days as, according to recent surveys, more than 99% of tech professionals report that, on average, […]
Datadog DevSecOps Report Shines Spotlight on Java Security Issues
Datadog today published a State of DevSecOps report that finds 90% of Java services running in a production environment are vulnerable to one or more critical or high severity vulnerabilities introduced by a third-party library, versus an average of 47% for alternative programming languages. Based on an analysis of IT environments being monitored using the […]
Survey Sees Limited DevSecOps Progress Being Made as Vulnerabilities Mount
A recent survey found that, on average, organizations have 55.5 security vulnerabilities each day in their remediation queue, with at least one critical.
Cycode Brings Generative AI to App Security Posture Management
Cycode’s generative AI capabilities in its ASPM platform make it simpler for DevSecOps teams to identify the root cause of vulnerabilities.
Veracode Report Shines Spotlight on Massive Application Security Debt
In an analysis of more than a million applications, Veracode found 42% contained flaws that remained unfixed for longer than a year.
Squaring the Circle: How to Make Public APIs Private
Many API attacks are effectively zero-day, novel attacks that exploit recent and unique changes to specific APIs. Here’s how to stop them.
Lineaje Allies With Persistent Systems on Open Source Software Remediation Service
Lineaje and Persistent Systems are providing a managed service for remediating open source vulnerabilities that leverages AI technologies.
Backslash ASPM Platform Prioritizes DevSecOps Efforts
Backslash announced general availability of an ASPM platform that identifies and prioritizes vulnerabilities based on ease of exploitation.
Mobb Launches Community Edition of Automated Remediation Tool
Mobb today made available a free community edition of a namesake tool that creates fixes to open source vulnerabilities. The fixes are based on the results of code scanning by a static application security testing (SAST) tool. Fresh from raising $5.4 million in seed funding, Mobb CEO Eitan Worcel said the company developed a tool […]