Tag: software security
-
Alerts: CISA and FBI Release Secure by Design Alert on Eliminating Cross-Site Scripting Vulnerabilities
Source URL: https://www.cisa.gov/news-events/alerts/2024/09/17/cisa-and-fbi-release-secure-design-alert-eliminating-cross-site-scripting-vulnerabilities Source: Alerts Title: CISA and FBI Release Secure by Design Alert on Eliminating Cross-Site Scripting Vulnerabilities Feedly Summary: Today, CISA and FBI released a Secure by Design Alert, Eliminating Cross-Site Scripting Vulnerabilities, as a part of our ongoing effort to reduce the prevalence of vulnerability classes at scale. Vulnerabilities like cross-site scripting…
-
The Register: The empire of C++ strikes back with Safe C++ blueprint
Source URL: https://www.theregister.com/2024/09/16/safe_c_plusplus/ Source: The Register Title: The empire of C++ strikes back with Safe C++ blueprint Feedly Summary: You pipsqueaks want memory safety? We’ll show you memory safety! We’ll borrow that borrow checker. After two years of being beaten with the memory-safety stick, the C++ community has published a proposal to help developers write…
-
Hacker News: CrowdStrike ex-employees: ‘Quality control was not part of our process’
Source URL: https://www.semafor.com/article/09/12/2024/ex-crowdstrike-employees-detail-rising-technical-errors-before-july-outage Source: Hacker News Title: CrowdStrike ex-employees: ‘Quality control was not part of our process’ Feedly Summary: The text highlights significant operational issues at CrowdStrike leading to a catastrophic software failure that resulted in widespread outages for major services. Former employees indicated that rushed development processes…
-
Scott Logic: Evolving with AI from Traditional Testing to Model Evaluation I
Source URL: https://blog.scottlogic.com/2024/09/13/Evolving-with-AI-From-Traditional-Testing-to-Model-Evaluation-I.html Source: Scott Logic Title: Evolving with AI from Traditional Testing to Model Evaluation I Feedly Summary: Having worked on developing Machine Learning skill definitions and L&D pathway recently, in this blog post I have tried to explore the evolving role of test engineers in the era of machine learning, highlighting the key…
-
The Register: ServiceNow moves its backend off MariaDB to homebrew Postgres
Source URL: https://www.theregister.com/2024/09/10/servicenow_xanadu_postgres_raptordb/ Source: The Register Title: ServiceNow moves its backend off MariaDB to homebrew Postgres Feedly Summary: Xanadu release also adds a Pro tier, along with lots more AI. SaaSy workflow vendor ServiceNow has opted for a different database to back its applications, and will introduce it this week along with the new “Xanadu”…
-
Hacker News: Google says replacing C/C++ in firmware with Rust is easy
Source URL: https://www.theregister.com/2024/09/06/google_rust_c_code_language/ Source: Hacker News Title: Google says replacing C/C++ in firmware with Rust is easy Feedly Summary: Google is pushing for the adoption of the Rust programming language in firmware development, particularly in its Android Virtualization Framework. The transition from C and C++ to Rust is…
-
Slashdot: GitHub Actions Typosquatting: a High-Impact Supply Chain Attack-in-Waiting?
Source URL: https://developers.slashdot.org/story/24/09/07/0427219/github-actions-typosquatting-a-high-impact-supply-chain-attack-in-waiting?utm_source=rss1.0mainlinkanon&utm_medium=feed Source: Slashdot Title: GitHub Actions Typosquatting: a High-Impact Supply Chain Attack-in-Waiting? Feedly Summary: The text discusses the vulnerabilities intrinsic to the GitHub Actions ecosystem, particularly focusing on the threat of typosquatting. It highlights how this form of attack can lead to significant risks in software supply…
-
Docker: Join Docker CEO Scott Johnston at SwampUP 2024 in Austin
Source URL: https://www.docker.com/blog/swampup-2024-austin/ Source: Docker Title: Join Docker CEO Scott Johnston at SwampUP 2024 in Austin Feedly Summary: Discover how Docker and JFrog are enhancing secure software development at SwampUP 2024 in Austin, Texas, from September 9-11. Docker CEO Scott Johnston will highlight the critical roles of Docker Desktop, Docker Hub, and Docker Scout in…
-
Hacker News: OAuth from First Principles
Source URL: https://stack-auth.com/blog/oauth-from-first-principles Source: Hacker News Title: OAuth from First Principles Feedly Summary: The text provides a detailed exploration of the OAuth 2.0 authorization process through the lens of security vulnerabilities. It highlights various security attacks that can occur if OAuth is implemented incorrectly, and outlines secure methods…
-
Hacker News: Show HN: Open-source pull request review agent
Source URL: https://news.ycombinator.com/item?id=41443605 Source: Hacker News Title: Show HN: Open-source pull request review agent Feedly Summary: The text discusses the launch of a new browser extension named PR Agent, which assists in reviewing pull requests through AI tools. It highlights features relevant to code improvement and security, making…