Checkmarx uncovers persistent Python package threat

Checkmarx has uncovered a threat actor that has been quietly infiltrating the open-source ecosystem for nearly six months, planting malicious Python packages with a focus on deception and financial gain.

The malicious actor employed a systematic approach, disguising their packages with names closely resembling popular legitimate Python packages. These decoy packages, camouflaged to blend in, successfully garnered thousands of downloads. The malicious payload, embedded within the...

Stack Overflow reveals UK’s top 10 best-paid developer roles

Stack Overflow has unveiled the UK's top 10 best-paid developer positions, shedding light on the lucrative avenues within the industry.

Leading the pack are developers in senior executive roles, enjoying an average salary of £128,200 ($155,173). Notably, these professionals experienced a significant 30 percent increase in their salaries between 2022 and 2023, reflecting the industry's robust growth. 

Following closely are engineering managers, earning an average of...

Sonatype reveals DevOps and SecOps leaders’ views on generative AI

While the tech community remains divided on the potential of generative AI tools, there's a consensus that their impact on the industry is comparable to the adoption of cloud technology.

Software engineers are harnessing generative AI to explore libraries, create new code, and enhance their development process, while application security professionals employ it for code analysis and security testing.

A recent survey conducted by Sonatype in the US sheds light on how...

Salt launches STEP program to enhance API security for enterprises

Salt Security has launched an initiative to help enterprises significantly reduce risk across their API ecosystem.

The STEP (Salt Technical Ecosystem Partner) program encompasses the integration of AI-driven API security insights into existing workflows and tools within organisations. This integration empowers joint customers to bolster their security posture using the Salt Security API Protection Platform.

Salt has introduced STEP’s inaugural partners, focusing on API...

Apexon partners with LambdaTest on digital experience testing

Apexon, a digital-first technology services company, and LambdaTest, a digital experience testing cloud, have teamed up to deploy cloud-based quality engineering and assurance solutions.

The collaboration will enable enterprise clients to accelerate time-to-market, improve user experience, and lower operational costs by building increased automation, agility, and security into their DevOps lifecycles.

The partnership brings together Apexon’s wide-ranging digital...

Meeting software delivery demands through value stream management

Organisations everywhere have faced countless challenges over the last two years. With the global health crisis forcing businesses to accelerate their digital transformation initiatives, the tech industry came under increasing pressure to keep up with demand. 

Today, as we emerge from the worst of the pandemic, companies face increasing social, political, and economic challenges. An innovation-only mindset is now the only viable option for many businesses’ survival and...

Perforce expands its DevOps portfolio with Puppet acquisition

Perforce is expanding its portfolio of DevOps tools with the acquisition of Puppet, an infrastructure-as-code pioneer.

“This acquisition expands our product offering by adding new capabilities for enterprise DevOps teams to manage and secure their critical infrastructure,” said Mark Ties, CEO of Perforce.

“With Puppet, we will be providing our customers with access to a product portfolio that enables them to drive innovation on a global scale.

“We look...

Software supply chain attacks increased over 300% in 2021

We all knew there was an increase in software supply chain attacks in 2021, but a new study has quantified just how bad things got.

Argon Security – recently acquired by Aqua Security – published the latest edition of its annual Software Supply Chain Security Review this week.

The headline stat from Argon’s report is that software supply chain attacks grew by more than 300 percent in 2021 compared to 2020.

Eran Orzel, Senior Director of Argon Customer...

In-built infrastructure security advantage with policy as code

It is impossible to discuss where DevOps trends are heading without mentioning policy as code, the writing of code in a high-level language to manage and automate policies in the developmental process.

In an ever-evolving regulatory landscape, organisations simply don't have the right technology or resources to scale their security and compliance efforts. Policy as code provides the much-needed agility to address regulations or standards as they emerge. This means that new...

Ram Chakravarti, CTO, BMC Software: On breaking the DevOps plateau and using automation to improve security

The majority of organisations are stuck in a "plateau" in their DevOps evolution and are struggling to advance into the higher stages of adoption.

BMC Software knows a thing or two about the subject and recently sponsored Puppet's 2021 State of DevOps report.

Developer spoke with Ram Chakravarti, CTO of BMC Software, to gain some insights into how to break the DevOps plateau and how automation can be used to bolster security.

Developer: Puppet’s 2021...