Flaws in popular VSCode extensions expose developers to attacks

Vulnerabilities with high to critical severity ratings affecting popular Visual Studio Code (VSCode) extensions collectively downloaded more than 128 million times could be exploited to steal local ...

Security Self-Governance: Addressing The Regulatory Gap In AI-Assisted Software Development

Organizations must proactively manage developer risk through establishing a self-governance strategy—one that accounts for ...
InfoWorld

Flaws in four popular VS Code extensions left 128 million installs open to attack

Three of the four vulnerabilities remained unpatched months after OX Security reported them to the maintainers.
Cyber Defense Magazine

The Real Cost of Exposure Remediation: Helping Developers Avoid Burnout

The number of security weaknesses companies face keeps growing fast. Common vulnerabilities and exposures (CVEs) jumped by 39% in 2024, adding to the ...
Gadget Review on MSN

Claude AI uncovers 500+ critical bugs, sending open-source developers into patch mode

Anthropic's Claude AI autonomously discovered 500+ critical vulnerabilities in popular open-source software using only basic ...
Dark Reading

Vulnerabilities, AI Compete for Software Developers' Attention

Less than two years after the general release of ChatGPT, most software developers have adopted AI assistants for programming. That's boosting efficiency, but at the same time, it's led to a higher ...
SD Times

GitHub’s Copilot Autofix generates remediation fixes for code vulnerabilities

Value stream management involves people in the organization to examine workflows and other processes to ensure they are deriving the maximum value from their efforts while eliminating waste — of ...
Dark Reading

Automaker Secures the Supply Chain With Developer-Friendly Platform

For teams responsible for delivering software into connected vehicles, software supply chain security carries significant ...
Infosecurity-magazine.com

Critical Vulnerabilities Found in WordPress Plugins WPLMS and VibeBP

A series of critical vulnerabilities affecting the widely used WPLMS and VibeBP plugins for WordPress have been identified by security researchers. These plugins are essential components of the WPLMS ...
SiliconANGLE

JFrog discloses CVSS 9.8 React vulnerability putting millions of developers at risk

Security researchers at software supply chain company JFrog Ltd. today revealed details of a critical vulnerability in React, the open-source JavaScript library developed by Meta Platforms Inc., that ...
KELOLAND News

Developer Research: The profile of new ML/AI developers, 35% of DevOps professionals face vulnerabilities

The collection of software development industry reports is complete with new data on Software Supply Chain Management and the profile of new ML/AI developers The most prevalent software supply chain ...
Computer Weekly

Sonatype CEO on self-service: The vulnerability data gap undermining AI-driven development

The latest trends in software development from the Computer Weekly Application Developer Network. This is a guest post for the Computer Weekly Developer Network written by Bhagwat Swaroop, in his ...