Tag: devsecops
Survey Surfaces Raft of AI Coding Issues Involving Embedded Systems
Mike Vizard | | AI coding assistants, AI security risks, AI-generated code vulnerabilities, Black Duck Software survey, C++ embedded programming, Censuswide research, cybersecurity for embedded systems, developer vs management perspectives., devsecops, embedded systems security, open source AI models, open source license compliance, Python in embedded systems, Software Bill of Materials (SBOM), software composition analysis (SCA)A new survey of 785 development and security professionals reveals that 89% of organizations are using AI coding assistants for embedded systems, but concerns over security, licensing risks, and governance remain. Python ...
Coding at the Speed of AI: Innovation, Vulnerability, and the GenAI Paradox
John Trest | | AI code review, AI Governance, AI hallucinations, AI in DevOps, AI in software development, AI security best practices, AI-generated code vulnerabilities, ChatGPT, cross-site scripting, developer training, devsecops, EU AI Act, GenAI security risks, generative AI, GitHub Copilot, hardcoded credentials, insecure deserialization, Log4Shell AI reproduction, Replit Ghostwriter, secure coding, U.S. Executive Order 14110Generative AI accelerates software delivery but also reintroduces vulnerabilities, making secure coding practices, oversight, and developer training essential for safe adoption ...
Qwiet AI Extends Microsoft Support in Platform for Fixing Vulnerabilities
Mike Vizard | | AI agents, AI coding tools, application security, AutoFix, Azure Boards, Azure DevOps, devsecops, github, SARIF, SAST, software security, Swift, vulnerability remediationQwiet AI extends its AI-driven application security platform with deeper Microsoft DevOps integrations, enhanced automation, and expanded AutoFix capabilities to proactively remediate code vulnerabilities ...
The EU’s Cyber Resilience Act: Redefining Secure Software Development
The European Union's Cyber Resilience Act (CRA) marks a turning point for anyone building, selling, or maintaining digital products. Whether it’s enterprise software, consumer apps, IoT devices, or embedded systems, the CRA ...
John Willis: The True North of DevOps and DevSecOps
Over the last 14-plus years of my journey through DevOps, I’ve had the good fortune to meet some of the smartest, most generous, most forward-thinking people in our industry. It’s one of ...
Tackling the DevSecOps Gap in Software Understanding
When I first read the recent article from CISA titled "Tackling the National Gap in Software Understanding," I had the same reaction I imagine many of you did: Well, of course this ...
White Paper: The Future of DevSecOps in a Fully Autonomous CI/CD Pipeline
Abstract The growing complexity of modern software development and the increasing speed at which organizations need to deliver software have led to the widespread adoption of DevOps practices, particularly continuous integration/continuous deployment ...
HoundDog.ai Code Scanner Shifts Data Privacy Responsibility Left
HoundDog.ai today made generally available a namesake static code scanner that enables security and privacy teams to enforce guardrails on sensitive data embedded in large language model (LLM) prompts or exposed artificial ...
Minimus Adds VEX Support to Managed Hardened Images Service
Minimus has extended its managed service for providing application developers with hardened images to include support for the Vulnerability Exploittability eXchange (VEX) format used to share data across multiple application security tools ...
“Shove Left” – Dumping Downstream Tasks Onto Developers – A Recipe for Failure
Beware the "Shove Left" anti-pattern. Simply dumping downstream tasks onto developers without changing the system is a recipe for burnout, inefficiency and failure ...
Emerging DevOps Trends: Security, Scalability and Sustainability
As DevOps continues to grow, rapid changes such as security, scalability and sustainability are at the forefront of these changes ...
