Entry points threaten multiple open-source ecosystems

While current tools have improved at detecting common tactics for exploiting open-source packages, a feature remains largely overlooked: entry points.

Security researchers at Checkmarx uncovered how attackers can leverage entry points across multiple programming ecosystems, with a particular focus on PyPI, to trick victims into running malicious code. This method – while not allowing for immediate system compromise – offers a subtler approach for patient attackers to...

GitLab releases critical security patches amid vulnerability streak

GitLab has released a new round of critical security patches for its Community Edition (CE) and Enterprise Edition (EE) products. The company strongly recommends that all self-managed GitLab installations be upgraded immediately to one of the latest versions: 17.4.2, 17.3.5, or 17.2.9.

These patch releases address several critical and high-severity vulnerabilities, including a critical flaw that could allow attackers to run pipelines on arbitrary branches. This latest security...

Anthropic launches Message Batches API for Claude

Anthropic has launched its Message Batches API, which offers developers a cost-effective solution for processing large volumes of Claude queries asynchronously. 

Through the Message Batches API, developers can now send batches of up to 10,000 queries. These batches are processed in less than 24 hours and come at a 50% reduction in cost compared to standard API calls—representing a significant advancement in handling non-time-sensitive tasks more efficiently.

The...

Open Source Pledge aims to fund software maintainers

Sentry has launched the Open Source Pledge—a programme designed to provide direct financial support to open-source software maintainers. The initiative stems from a long-standing aspiration to give back to the open-source community on behalf of every Sentry employee.

The concept of the Open Source Pledge emerged years ago with two primary objectives: to compensate maintainers directly and to establish a sustainable model that scales with Sentry’s growth.

David...

Halo developers shelve own game development engine for Unreal

The developers behind the iconic Halo franchise have announced a shift in their approach to game development. 343 Industries, now rebranded as Halo Studios, will be abandoning their proprietary Slipspace Engine in favour of Unreal Engine 5 for all future Halo projects.

This revelation came during the 2024 Halo World Championship, where fans were treated to a surprise video showcasing new visuals created using Unreal Engine 5. The footage depicted familiar Halo landscapes with a...

PostgreSQL 17 delivers a leap forward for open-source databases

The PostgreSQL Global Development Group has unveiled PostgreSQL 17, the latest iteration of what is widely regarded as the world's most advanced open-source database. This release marks a significant milestone in the database's evolution, bringing substantial performance enhancements and new features that cater to both emerging and established data management needs.

PostgreSQL 17 builds upon its robust foundation, offering improved performance and scalability whilst adapting to...

Safe Coding: Google’s strategy reduces memory safety vulnerabilities

Google has unveiled compelling data highlighting the efficacy of its "Safe Coding" approach in reducing memory safety vulnerabilities.

The tech giant's strategy, which prioritises the use of memory-safe programming languages for new code development, has yielded impressive results. Most notably, Android has seen a sharp decline in memory safety vulnerabilities, plummeting from 76% of all vulnerabilities in 2019 to just 24% in 2024.

This reduction is particularly...

GitHub begins offering data residency to EU developers

GitHub has announced that it will introduce data residency capabilities, beginning with EU developers on 29 October 2024. The new data residency feature for Enterprise Cloud will allow organisations to store their GitHub code and repository data in their preferred geographical region.

"We've heard for years from enterprises that being able to control where their data resides is critical for them," explained Jim Wang, VP of Engineering at GitHub. "With data residency,...

General app stability improves as crash-free sessions near 100%

Instabug has released its Mobile App Stability Outlook 2024 report, shedding light on the current state of app performance across various platforms and industries.

The report reveals that mobile apps have maintained the high stability rates observed in the previous year, with only minor fluctuations across all percentiles. The median crash-free session rate stands at an impressive 99.95%, confirming a high level of stability across the board.

Top-performing mobile teams...

Snap OS debuts with developer-friendly Spectacles 5 AR glasses

Snap, the company behind Snapchat, has today announced the fifth generation of its ‘Spectacles’ AR glasses. These new see-through, standalone AR glasses are designed to enable users to interact with ‘Lenses’ and experience the world in novel ways alongside friends.

The latest iteration of Spectacles is powered by Snap OS, an operating system crafted to enhance natural interactions with the world. The glasses are now available through Snap's Spectacles Developer...