David DeSanto, GitLab: AI’s impact on software development in 2024

David DeSanto, Chief Product Officer at GitLab, foresees a paradigm shift in the realm of software development in 2024—with AI taking centre stage.

GitLab's 2023 Global DevSecOps Report serves as the foundation for these predictions, offering a glimpse into the future landscape of organisations' software development toolchains.

AI bias: A hurdle on the path to progress

In the short term, the accelerated integration of AI tools may present a formidable challenge: an...

PHP 8.0 reaches EOL leaving some websites vulnerable

PHP 8.0 reached its end of life (EOL) on 26 November 2023 and will no longer receive any updates or patches.

PHP 8.0 was released on 26 November 2020 and brought many new features and improvements such as named arguments, attributes, constructor property promotion, match expression, nullsafe operator, JIT, and more.

The EOL of PHP 8.0 means that any websites still using it will be exposed to potential security risks and compatibility issues if they do not upgrade to a...

AI coding assistants: A double-edged sword for DevOps in 2024

A growing reliance on AI-powered coding assistants is reshaping how DevOps teams operate, for better or worse.

According to Forrester's 2024 cybersecurity, risk, and privacy predictions, AI coding assistants are becoming integral to boosting productivity. However, a cautionary note accompanies this technological shift, as Forrester warns of potential pitfalls that could lead to cybersecurity breaches.

Forrester predicts that the combination of inconsistent compliance and...

Wallarm highlights disturbing trends in API security threats

Wallarm has released its Q3 2023 API ThreatStats report, which sheds light on the escalating threats targeting APIs and reveals vulnerabilities that have impacted industry giants such as Netflix, VMware, and SAP.

The report's revamped ‘Top 10 API Security Threats’ compilation outlines 239 vulnerabilities discovered during the quarter, with injections taking the lead.

Injections involve inserting malicious data or code into APIs, leading to unauthorised access and...

Salt launches STEP program to enhance API security for enterprises

Salt Security has launched an initiative to help enterprises significantly reduce risk across their API ecosystem.

The STEP (Salt Technical Ecosystem Partner) program encompasses the integration of AI-driven API security insights into existing workflows and tools within organisations. This integration empowers joint customers to bolster their security posture using the Salt Security API Protection Platform.

Salt has introduced STEP’s inaugural partners, focusing on API...

Cyber Security & Cloud Expo: Examining the 2022 malware landscape

Geopolitical tensions and the largest war in Europe for decades have defined the malware landscape in 2022.

Recorded Future has been capturing global threat information from the internet, dark web, and technical sources for over a decade. The firm combines this vast amount of data with AI and human expertise to spot threats early and provide actionable insights to security professionals.

Toby Wilmington, Manager - Sales Engineering at Recorded Future, provided his...

ShiftLeft: Just 3% of app vulnerabilities are attackable

ShiftLeft, an innovator in automated application security testing, has released its second annual AppSec Progress Report documenting critical trends in application security and how organizations are shifting security left to deal with the ever-rising volume of attacks and disclosed vulnerabilities.

The report covers year-over-year trends and general findings analyzed from millions of scans last year using the ShiftLeft CORE platform across applications running numerous programming...

Five Eyes alliance lists 2021’s top vulnerabilities

A cybersecurity advisory issued by members of the ‘Five Eyes’ intelligence alliance lists the most-exploited vulnerabilities of 2021.

The Five Eyes consists of the US, UK, Canada, Australia, and New Zealand. Over recent weeks, cybersecurity authorities from the normally secretive alliance have issued a number of joint statements amid increasing global threats.

According to the alliance, here were the top 15 “routinely exploited” vulnerabilities in...

Google’s Project Zero found over twice as many exploits in 2021

Project Zero, Google’s in-house team of experts tasked with finding zero-day exploits, reports that it found over twice as many in 2021.

According to the team’s annual report, it found a record 58 zero-day exploits in 2021. That’s over double the 25 it detected in 2020 and the previous record of 28 detected in 2015.

While such a large uptick may cause alarm, Google puts a positive spin on the news.

“We believe the large...

GitHub Advisory Database now accepts community contributions

GitHub is opening its Advisory Database to community contributions to help further secure software supply chains.

One vulnerability can have a devastating “domino effect” on software across the globe. As the use of open source increases, so does the threat of a vast amount of software being compromised.

GitHub launched its Advisory Database almost two years ago. As the largest database of vulnerabilities in software dependencies in the world, it’s become an...