Tag: development practices

  • The Register: The Feds want developers to stop coding ‘unforgivable’ buffer overflow vulns

    Source URL: https://www.theregister.com/2025/02/13/fbi_cisa_unforgivable_buffer_overflow/
    Source: The Register
    Title: The Feds want developers to stop coding ‘unforgivable’ buffer overflow vulns
    Feedly Summary: FBI, CISA harrumph at Microsoft and VMware in call for coders to quit baking avoidable defects into stuff US authorities have labelled buffer overflow vulnerabilities “unforgivable defects”, pointed to the presence of the holes in…

  • Alerts: CISA and FBI Warn of Malicious Cyber Actors Using Buffer Overflow Vulnerabilities to Compromise Software

    Source URL: https://www.cisa.gov/news-events/alerts/2025/02/12/cisa-and-fbi-warn-malicious-cyber-actors-using-buffer-overflow-vulnerabilities-compromise-software
    Source: Alerts
    Title: CISA and FBI Warn of Malicious Cyber Actors Using Buffer Overflow Vulnerabilities to Compromise Software
    Feedly Summary: CISA and the Federal Bureau of Investigation (FBI) have released a Secure by Design Alert, Eliminating Buffer Overflow Vulnerabilities, as part of their cooperative Secure by Design Alert series—an ongoing series aimed…

  • Hacker News: VSCode’s SSH Agent Is Bananas

    Source URL: https://fly.io/blog/vscode-ssh-wtf/
    Source: Hacker News
    Title: VSCode’s SSH Agent Is Bananas
    Feedly Summary: Comments
    AI Summary and Description: Yes
    Summary: The text discusses the integration of VSCode with LLMs for enhanced remote editing and highlights security concerns associated with the extensive operations VSCode performs over SSH. It underscores the potential risks in using LLM-generated…

  • Hacker News: Microsoft Go 1.24 FIPS changes

    Source URL: https://devblogs.microsoft.com/go/go-1-24-fips-update/
    Source: Hacker News
    Title: Microsoft Go 1.24 FIPS changes
    Feedly Summary: Comments
    AI Summary and Description: Yes
    Summary: The text discusses the advancements in Go 1.24’s cryptography packages towards achieving FIPS 140-3 compliance, emphasizing significant changes that enhance security for developers using Go. Key improvements include native support for FIPS-compliant libraries, streamlined…

  • Hacker News: GitHub Copilot: The Agent Awakens

    Source URL: https://github.blog/news-insights/product-news/github-copilot-the-agent-awakens/
    Source: Hacker News
    Title: GitHub Copilot: The Agent Awakens
    Feedly Summary: Comments
    AI Summary and Description: Yes
    Summary: The text outlines significant updates to GitHub Copilot, including the introduction of agent mode and Copilot Edits, enhancing the AI pair programming experience for developers. These updates are poised to automate more tasks, improve…

  • Anchore: SBOMs 101: A Free, Open Source eBook for the DevSecOps Community

    Source URL: https://anchore.com/blog/sboms-101-a-free-open-source-ebook-for-the-devsecops-community/
    Source: Anchore
    Title: SBOMs 101: A Free, Open Source eBook for the DevSecOps Community
    Feedly Summary: Today, we’re excited to announce the launch of “Software Bill of Materials 101: A Guide for Developers, Security Engineers, and the DevSecOps Community”. This eBook is a free and open source resource that provides a comprehensive introduction…

  • The Register: What does it mean to build in security from the ground up?

    Source URL: https://www.theregister.com/2025/02/02/security_design_choices/
    Source: The Register
    Title: What does it mean to build in security from the ground up?
    Feedly Summary: As if secure design is the only bullet point in a list of software engineering best practices Systems Approach As my Systems Approach co-author Bruce Davie and I think through what it means to…

  • Slashdot: Microsoft Makes DeepSeek’s R1 Model Available On Azure AI and GitHub

    Source URL: https://slashdot.org/story/25/01/29/2218253/microsoft-makes-deepseeks-r1-model-available-on-azure-ai-and-github?utm_source=rss1.0mainlinkanon&utm_medium=feed
    Source: Slashdot
    Title: Microsoft Makes DeepSeek’s R1 Model Available On Azure AI and GitHub
    Feedly Summary:
    AI Summary and Description: Yes
    Summary: Microsoft has enhanced its Azure AI Foundry platform by integrating DeepSeek’s R1 model, facilitating efficient experimentation and deployment of AI applications for developers. The model has passed extensive security evaluations,…

  • The Register: AI revoir, Lucie: France’s answer to ChatGPT paused after faux pas overdrive

    Source URL: https://www.theregister.com/2025/01/29/french_ai_chatbot_lucie_suspended/
    Source: The Register
    Title: AI revoir, Lucie: France’s answer to ChatGPT paused after faux pas overdrive
    Feedly Summary: Slew of embarrassing answers sends open source chatterbox back for more schooling As China demonstrates how competitive open source AI models can be via the latest DeepSeek release, France has shown the opposite.… AI…

  • Anchore: 2025 Cybersecurity Executive Order Requires Up Leveled Software Supply Chain Security

    Source URL: https://anchore.com/blog/2025-cybersecurity-executive-order/
    Source: Anchore
    Title: 2025 Cybersecurity Executive Order Requires Up Leveled Software Supply Chain Security
    Feedly Summary: A few weeks ago, the Biden administration published a new Executive Order (EO) titled “Executive Order on Strengthening and Promoting Innovation in the Nation’s Cybersecurity”. This is a follow-up to the original cybersecurity executive order—EO 14028—from…