Spring4Shell vulnerability could have ‘a larger impact’ than Log4j

A newly-discovered zero-day vulnerability known as Spring4Shell could have “a larger impact” than Log4j.

Log4j made waves in recent months as the vulnerability in the popular open-source logging library enabled attackers to break into systems, steal passwords and logins, extract data, and infect networks with malicious software.

However, attention is now shifting to the Spring4Shell exploit.

Spring4Shell is a zero-day remote code execution (RCE)...

2022 Java Developer Productivity Report: Teams aren’t realising the promise of microservices

The latest edition of Perforce’s annual Java Developer Productivity Report highlights that teams aren’t realising the full promise of microservices and CI/CD.

Developers are often finding that microservices and CI/CD are decreasing their productivity rather than improving it.

Among CI/CD users, 42 percent of respondents report build completion times of over five minutes. The most common (33%) response was build times exceeding 10 minutes.

The highest...

Ruby on Rails creator: 7.0 ‘is the version of Rails I’ve been longing for’

David Heinemeier Hansson, the creator of Ruby on Rails, says 7.0 is the version he’s “been longing for”.

Version 7.0 was released last Wednesday and brings with it several major upgrades:

https://www.youtube.com/watch?v=mpWFrUwAN88

Hansson says 7.0 is “the one where all the cards are on the table. No more tricks up our sleeves. The culmination of years of progress on five different fronts at once.”

Among the back-end upgrades is the ability for...

Google’s latest framework aims to prevent SolarWinds-like supply chain attacks

Google has unveiled a new framework called Supply chain Levels for Software Artifacts, or SLSA (pronounced "salsa").

The intention of SLSA is to help prevent the growing number of devastating supply chain attacks in recent years—such as the SolarWinds and CodeCov hacks.

Google describes SLSA as "an end-to-end framework for ensuring the integrity of software artifacts throughout the software supply chain."

The company says that SLSA is inspired by its own...

O’Reilly: Python leads languages, React for web development, and ML/AI interest grows

Education giant O’Reilly has released data about its online platform which highlights some interesting software development trends.

The headline finding is that Python continues to be the programming language with the most interest.

Given the growth in topics relating to Python such as AI – and the language often being considered the best for new developers to pick up – it’ll perhaps come as little surprise to hear of its popularity.

O’Reilly highlights...