Application Security | News, how-tos, features, reviews, and videos
Generative AI could be the holy grail of DevSecOps, from writing secure code and documentation to creating tests. But it could be a major point of failure if not used correctly.
Security teams are managing many independent security tools and are able to fully review only half of major code changes, a new survey has found.
Kubernetes-focused attacks are on the rise. Here is an overview of the current threats and best practices for securing your clusters.
The AI-powered OSS-Fuzz tool can help find vulnerabilities and be combined with an auto-patching pipeline.
A dependent action in Bazel could permit malicious code injection into a GitHub Actions workflow, highlighting risk from third-party dependencies.
Leaky Vessels container escape vulnerabilities in Docker runc and other container runtimes potentially break the isolation layer between container and host operating system.
A significant percentage of the 50,000 most-downloaded npm packages are deprecated or have a deprecated dependency but provide no warning.
This open-source collaborative effort to share global AI security standards, regulations, and knowledge aims to mitigate risk and boost AI cybersecurity for all.
Open-source software is ever vulnerable to malicious actors, but software bills of materials can help mitigate the threat. NSA guidance sets a solid foundation for managing the ecosystem.
The company also releases advisories for high-severity data leaks and denial-of-service issues across multiple products, including Jira and Confluence.