DevSecOps

Oasis Security Identifies Security Weakness in Cursor AI Coding Tool
Oasis Security this week warned application developers of a security flaw in the Cursor artificial intelligence (AI) code editor developed by Anysphere, Inc. that potentially could be used to allow a maliciously ...

JFrog CEO: AI Agents Require Practices Beyond Security, Traceability
NAPA, Calif. -- A new persona in software development, artificial intelligence (AI) agents rather than human developers, has made it imperative that foundational platforms incorporate agentic practices alongside security, traceability, and visibility ...

John Willis: The True North of DevOps and DevSecOps
Over the last 14-plus years of my journey through DevOps, I’ve had the good fortune to meet some of the smartest, most generous, most forward-thinking people in our industry. It’s one of ...

Tackling the DevSecOps Gap in Software Understanding
When I first read the recent article from CISA titled "Tackling the National Gap in Software Understanding," I had the same reaction I imagine many of you did: Well, of course this ...

Veracode Allies with Wiz to Bring More Context to DevSecOps Workflows
Veracode today revealed an alliance through which it will integrate its application security posture management (ASPM) platform with the cloud native application protection platform from Wiz ...

Kusari Adds AI Security Tool to Inspect Code as Pull Requests Are Made
Kusari has added an artificial intelligence (AI) tool that runs a security risk assessment every time an application developer makes a pull request. Company CTO Mike Lieberman said Kusari Inspector is designed ...

AWS Extends Cloud Security Reach to Include DevSecOps Tools to Scan Code
Amazon Web Services (AWS) this week made Amazon Inspector, a code scanning tool for surfacing vulnerabilities that is designed to be natively integrated with GitHub and GitLab platforms, generally available. Announced at ...

Survey Surfaces Uneven Adoption of SBOMs to Secure Software
A survey of 100 security professionals finds nearly half (48%) admit their organizations are falling behind on meeting software bill of materials (SBOM) requirements as specified by the U.S. Office ...

North Korean Bad Actor’s Fake Job Offer Scam Targets Developers
Freelance developers around the world are being targeted by North Korean bad actors posing as job recruiters who, as part of the fake application process, entice them to run software jobs that ...

6 Essential Components of a Successful Security ‘Rewards Program’ for Software Developers
The software development industry could use a rewards program, especially when it comes to ensuring a ‘security first’ mindset among developers ...

Breaking Free from Ransomware: Securing Your CI/CD Against RaaS
For developers, few things are more precious than their codebase. Yet, a chilling trend is emerging: Ransomware-as-a-service (RaaS) attacks targeting CI/CD pipelines, holding valuable code hostage ...

CloudBees Acquires Launchable to Advance Testing Using AI
CloudBees today revealed it has acquired Launchable, a provider of a test automation platform, to enable DevOps teams to improve both application security and software quality. Financial terms of the acquisition are ...