GitLab releases critical security patches amid vulnerability streak

GitLab has released a new round of critical security patches for its Community Edition (CE) and Enterprise Edition (EE) products. The company strongly recommends that all self-managed GitLab installations be upgraded immediately to one of the latest versions: 17.4.2, 17.3.5, or 17.2.9.

These patch releases address several critical and high-severity vulnerabilities, including a critical flaw that could allow attackers to run pipelines on arbitrary branches. This latest security...

Safe Coding: Google’s strategy reduces memory safety vulnerabilities

Google has unveiled compelling data highlighting the efficacy of its "Safe Coding" approach in reducing memory safety vulnerabilities.

The tech giant's strategy, which prioritises the use of memory-safe programming languages for new code development, has yielded impressive results. Most notably, Android has seen a sharp decline in memory safety vulnerabilities, plummeting from 76% of all vulnerabilities in 2019 to just 24% in 2024.

This reduction is particularly...

GitHub’s Copilot Autofix triples vulnerability remediation speed

Shipping software quickly often comes at the cost of security, with vulnerabilities inadvertently making their way into production code. This poses a significant challenge, as many developers find security requirements complex and difficult to implement.

"Developers are shipping software faster than previously imaginable, releasing new features early and often. Yet, despite their best efforts to code securely, software vulnerabilities inadvertently make their way into production...

Google paid $10M to bug hunters in 2023

Google has revealed that it paid out $10 million to over 600 bug hunters from 68 countries in 2023.

Throughout the year, Google's bug hunter community played a pivotal role in identifying and addressing thousands of vulnerabilities across various Google platforms. The company's dedication to incentivising researchers saw the introduction of several new programs and improvements to existing ones.

Among the notable developments was the launch of the Bonus Awards program,...

OpenText unveils next-gen cybersecurity auditing technology

OpenText has unveiled the second generation of its advanced cybersecurity auditing technology called Fortify Audit Assistant—aiming to help developers build more secure software amid rising threats and complexity in multi-cloud environments.

The key upgrade is the use of predictive analytics and machine learning to emulate human security auditors. By learning from 10 years of human expert data, the new Fortify Audit Assistant significantly improves accuracy and reduces false...

David DeSanto, GitLab: AI’s impact on software development in 2024

David DeSanto, Chief Product Officer at GitLab, foresees a paradigm shift in the realm of software development in 2024—with AI taking centre stage.

GitLab's 2023 Global DevSecOps Report serves as the foundation for these predictions, offering a glimpse into the future landscape of organisations' software development toolchains.

AI bias: A hurdle on the path to progress

In the short term, the accelerated integration of AI tools may present a formidable challenge: an...

PHP 8.0 reaches EOL leaving some websites vulnerable

PHP 8.0 reached its end of life (EOL) on 26 November 2023 and will no longer receive any updates or patches.

PHP 8.0 was released on 26 November 2020 and brought many new features and improvements such as named arguments, attributes, constructor property promotion, match expression, nullsafe operator, JIT, and more.

The EOL of PHP 8.0 means that any websites still using it will be exposed to potential security risks and compatibility issues if they do not upgrade to a...

AI coding assistants: A double-edged sword for DevOps in 2024

A growing reliance on AI-powered coding assistants is reshaping how DevOps teams operate, for better or worse.

According to Forrester's 2024 cybersecurity, risk, and privacy predictions, AI coding assistants are becoming integral to boosting productivity. However, a cautionary note accompanies this technological shift, as Forrester warns of potential pitfalls that could lead to cybersecurity breaches.

Forrester predicts that the combination of inconsistent compliance and...

Wallarm highlights disturbing trends in API security threats

Wallarm has released its Q3 2023 API ThreatStats report, which sheds light on the escalating threats targeting APIs and reveals vulnerabilities that have impacted industry giants such as Netflix, VMware, and SAP.

The report's revamped ‘Top 10 API Security Threats’ compilation outlines 239 vulnerabilities discovered during the quarter, with injections taking the lead.

Injections involve inserting malicious data or code into APIs, leading to unauthorised access and...

Salt launches STEP program to enhance API security for enterprises

Salt Security has launched an initiative to help enterprises significantly reduce risk across their API ecosystem.

The STEP (Salt Technical Ecosystem Partner) program encompasses the integration of AI-driven API security insights into existing workflows and tools within organisations. This integration empowers joint customers to bolster their security posture using the Salt Security API Protection Platform.

Salt has introduced STEP’s inaugural partners, focusing on API...