applicationsecurity
By Paul Krill
Synopsys has introduced Black Duck Supply Chain Edition, a software composition analysis (SCA) package that helps organizations mitigate upstream risk in software supply chains, including from AI code. Announced April 9, Black Duck Supply Chain Edition is intended to address a rise in software supply chain attacks targeting vulnerable or maliciously altered open source and third-party components. Due April 25, the product combines open source detection technologies, automated third-party software bill of materials (SBOM) analysis, and malware detection to give a view of software ...
Info World
By Paul Krill
Parasoft has launched a tool to enhance safety testing for C and C++ applications. The tool comes at a time when the two venerable programming languages have come under fire over safety concerns. Announced April 8, the C/C++test CT (Continuous Testing) tool is intended to empower large developer teams to build reliable and dependable embedded systems. It provides a comprehensive solution for large teams engaged in the development of safety-critical and security-critical C and C++ products, Parasoft said. C/C++test CT integrates with developers’ desktop environments such as Visual ...
Info World
By Paul Krill
The Eclipse Foundation announced that it is partnering with the Apache Software Foundation and other open source foundations to establish common specifications for secure software development based on existing open source best practices. In an April 2 blog post, Eclipse said that the goal of the initiative was to meet the challenges of cybersecurity in the open source ecosystem and demonstrate cooperation with the European Union’s Cyber Resilience Act (CRA). Participants include Apache, Eclipse, the Rust Foundation, the PHP Foundation, the Blender Foundation, the OpenSSL Software...
Info World
By Phil Nash
2023 has been a breakout year for developers and generative AI. GitHub Copilot graduated from its technical preview stage in June 2022, and OpenAI released ChatGPT in November 2022. Just 18 months later, according to a survey by Sourcegraph, 95% of developers report they use generative AI to assist them in writing code. Generative AI can help developers write more code in a shorter space of time, but we need to consider how much of a good thing that may be. When we talk about AI tools for software development, right now that mostly means ChatGPT and GitHub Copilot, though there is...
Info World
By Paul Krill
GitHub is previewing code scanning autofix, a feature that combines its GitHub Copilot AI assistant with its CodeQL code scanner to provide suggested fixes to discovered vulnerabilities. Code scanning autofix is available in a public beta to GitHub Advanced Security customers. Launched March 20, code scanning autofix makes vulnerability fixes available right away as a developer is coding, GitHub said. GitHub Copilot AI is used to provide a code suggestion and explanation directly in the pull request. Code scanning autofix covers more than 90% of alert types in JavaScript, TypeScr...
Info World
By Paul Krill
In JFrog’s just-released Software Supply Chain State of the Union 2024 report, the software supply chain platform provider found extensive use of AI and machine learning tools for security. However, only one in three software developers the company surveyed use generative AI to write code. While 90% of survey respondents indicate their organizations currently use AI/ML-powered tools in some capacity to assist in security scanning and remediation, only about one in three professionals, 32%, said their organizations use AI/ML-powered tools to write code. This indicates the majority...
Info World
By Paul Krill
C++ creator Bjarne Stroustrup has defended the widely used programming language in response to a Biden administration report that calls on developers to use memory-safe languages and avoid using vulnerable ones such as C++ and C. In a March 15 response to an inquiry from InfoWorld, Stroustrup pointed out strengths of C++, which was designed in 1979. “I find it surprising that the writers of those government documents seem oblivious of the strengths of contemporary C++ and the efforts to provide strong safety guarantees,” Stroustrup said. “On the other hand, they seem to have real...
Info World