GitLab releases critical security patches amid vulnerability streak

GitLab has released a new round of critical security patches for its Community Edition (CE) and Enterprise Edition (EE) products. The company strongly recommends that all self-managed GitLab installations be upgraded immediately to one of the latest versions: 17.4.2, 17.3.5, or 17.2.9.

These patch releases address several critical and high-severity vulnerabilities, including a critical flaw that could allow attackers to run pipelines on arbitrary branches. This latest security...

Oracle APEX tutorials: Insights and techniques from Vinish Kapoor

Oracle Application Express, commonly known as Oracle APEX, is a powerful low-code development platform that allows developers to create robust web applications quickly and efficiently. For those looking to dive into this technology or enhance their existing skills, finding quality tutorials can be a game-changer. This article will explore the world of Oracle APEX tutorials, with a special focus on the valuable resources provided by Vinish Kapoor at vinish.dev.

The importance of...

Platform engineering is falling short of expectations

Platform engineering – lauded for its potential to revolutionise software development with automation, self-service, and streamlined workflows – appears to be falling short of expectations in the embedded software world.

A new study by Forrester Consulting, commissioned by Qt Group, reveals a stark disconnect between the perceived maturity of platform engineering strategies and their actual implementation.

The research – surveying 317 decision-makers and...

Critical OpenSSH vulnerability threatens millions of Linux systems

A severe vulnerability in OpenSSH's server (sshd) has been uncovered by Qualys’ Threat Research Unit (TRU), potentially affecting over 14 million Linux systems worldwide. The flaw, designated as CVE-2024-6387, allows for remote unauthenticated code execution (RCE) with root privileges on glibc-based Linux systems.

This vulnerability, stemming from a signal handler race condition, impacts sshd in its default configuration. Qualys researchers have identified approximately 700,000...

GitLab’s DevSecOps report highlights AI challenges

GitLab's 8th annual Global DevSecOps Report has unveiled a complex landscape of software development, highlighting disparities between executive perceptions and developer realities. The survey, conducted in April 2024, gathered insights from over 5,300 professionals across the software development spectrum.

While 69% of CxOs report shipping software at least twice as fast as last year, AI adoption remains low, with only 26% of respondents implementing AI in their workflows. This...

Optus breach is a wake-up call for secure coding practices

A “coding error” in Optus Mobile's systems led to a massive data breach affecting over nine million customers, sparking a lawsuit from the Australian Communications and Media Authority (ACMA).

The case, filed under number VID429/2024 in the Federal Court of Australia, highlights the severe consequences of software vulnerabilities in large-scale systems.

The breach, which affected over nine million Optus users, was caused by a seemingly simple coding error—a stark...

‘Impact Engineering’ development approach outperforms Agile

The Agile Manifesto has shaped software development for over 21 years. However, empirical research into its real-world effectiveness remains scarce. Recent findings highlight a pressing concern: 81% of business decision-makers in the UK and 89% in the USA worry about on-time software project delivery within their organisations.

A new study, conducted for the book "Impact Engineering," reveals that 65% of software projects using Agile principles fail to meet deadlines, budgets, and...

Cisco: Developers spend majority of time firefighting

A new survey from Cisco reveals that software developers are spending more than 57% of their time in "war room" meetings to resolve application performance issues, rather than focusing on building new software to drive innovation. 

The findings highlight the immense pressure facing developers today. Globally, 85% of those surveyed report increased demands to accelerate software release velocity, while 77% cite mounting pressure to deliver seamless and secure digital...

Puppet explores the benefits of platform engineering for security

An increasing number of organisations have built platform teams to help improve the developer experience – and the latest State of DevOps Report from Puppet has looked to show how platform engineering is improving security as well.

The 13th annual State of DevOps Report – which is also being called the State of Platform Engineering Report by Puppet – polled approximately 500 respondents, drawn primarily from IT practitioners and leaders who work either as part of or...

NVIDIA employs GenAI for rapid software vulnerability detection

NVIDIA has demonstrated how its generative AI technologies can help to quickly identify and mitigate common vulnerabilities and exposures (CVEs) and other software security risks.

The NVIDIA NIM and NeMo Retriever microservices – along with the Morpheus accelerated AI framework – enable security analysts to detect and mitigate risks in a matter of seconds, a task that previously took hours or even days using traditional methods.

Traditional cybersecurity methods...