Security | News, how-tos, features, reviews, and videos
LLMs could be exploited to launch waves of “package confusion” attacks, first major study into package hallucination finds.
The Open Regulatory Compliance Working Group will assist open source participants with adhering to global regulatory requirements such as the EU's Cyber Resilience Act.
Security-related enhancements include crypto performance updates, new debugging options, and additions to Kerberos and PKI.
JFrog Runtime Security integrates with JFrog Artifactory to identify the source and owner of vulnerable packages and prioritize remediation.
Copilot Autofix, a new addition to the GitHub Advanced Security service, analyzes vulnerabilities in code and offers code suggestions to help developers fix them.
Datadog is interested in acquiring the software development platform, according to a media report, prompting analysts to consider how a sale would affect GitLab’s pricing and product plans.
Unless there is congressional action, non-compete rules will now vary from state to state; IT workers are back to precisely where they were a few months ago.
Artifact Attestations guarantee the integrity of artifacts built inside GitHub Actions by creating and verifying digital signatures that link the artifact to source code and build instructions.
Two-thirds of respondents said their software development life cycle is mostly or completely automated, while security overtook cloud as the top priority for IT investment.
VC-backed up-and-comers zero in on devsecops, the software supply chain, and securing the software development life cycle.