GitHub releases analysis of relations between developers and security researchers

Relations between developers and security researchers are critical, but it’s no secret they’re often fraught.

GitHub first announced that it was expanding its research to more fully understand the relationship between developer and security research communities in December 2020. The initial analysis, conducted by GitHub Security Lab, has now been released.

For its debut analysis, GitHub focused on the vulnerability disclosure process—of which there is currently no...

Boris Cipot, Synopsys Software Integrity: On the cybersecurity landscape and countering threats

Following a year of high-profile cyberattacks, developers are understandably concerned their software could be the next to be compromised.

Developer caught up with Boris Cipot, Senior Sales Engineer at Synopsys Software Integrity, to discuss the cybersecurity landscape and how developers can secure their software.

Cipot came to Synopsys following the company’s acquisition of Black Duck Software. Prior to those companies, Cipot held senior roles at anti-malware...

Checkmarx acquires Dustico in wake of increasing supply chain attacks

Developer-centric app security testing (AST) firm Checkmarx has acquired Dustico to help counter the increasing threat of supply chain attacks.

“We’re thrilled to welcome Dustico and its team to Checkmarx as the Israeli tech ecosystem continues to push the boundaries of cybersecurity innovation and talent,” said Emmanuel Benzaquen, CEO, Checkmarx.

“Blending Dustico’s differentiated approach to open source analysis with Checkmarx’s best-of-breed security...

Former NSA executive Jacob DePriest now heads GitHub’s security operations

GitHub has announced that former NSA (National Security Agency) senior executive Jacob DePriest is now heading its security operations.

Open source evangelist DePriest built the NSA’s Developer Experience from scratch and helped the agency’s developers contribute to the work of others. The NSA’s historically lengthy approval process was reduced from weeks to mere hours in some cases.

A 2019 post on the US Intelligence Careers website explains why DePriest has a...

Google’s latest framework aims to prevent SolarWinds-like supply chain attacks

Google has unveiled a new framework called Supply chain Levels for Software Artifacts, or SLSA (pronounced "salsa").

SLSA is intended to help prevent the devastating supply chain attacks that have grown in number in recent years, such as the SolarWinds and Codecov hacks.

Google describes SLSA as "an end-to-end framework for ensuring the integrity of software artifacts throughout the software supply chain."

The company says that SLSA is inspired by its own...

Incognia launches free Developer Edition to counter mobile app fraud

Incognia has launched a free ‘Developer Edition’ of its mobile fraud prevention solution to help protect users of fintech and m-commerce apps.

Spurred by the pandemic, mobile transactions increased by 250 percent in 2020. According to Adjust’s Mobile Finance Report 2020, investment apps saw a particularly impressive session growth of 88 percent between January and June 2020.

The rapid increase in mobile transactions has attracted fraudsters looking to line their...

Codecov breach prompts fears of another SolarWinds-style hack

A hack impacting software testing firm Codecov is expected to have resulted in hundreds of networks being compromised, prompting fears of a fallout similar to the recent SolarWinds attack.

Codecov has over 29,000 customers including companies such as IBM, Procter & Gamble, Hewlett Packard Enterprise, Atlassian, Washington Post, and GoDaddy. The potential scale of the attack has led to a federal investigation.

"We are aware of the claims and we are investigating...

Congress wants Apple and Google to clamp down on foreign apps

Congress is calling on Apple and Google to clamp down on apps that weren’t born in the USA (cue Springsteen).

Trump’s administration is currently mulling a complete ban of any Chinese software but, while that debate is ongoing, Congress wants the two largest mobile platform holders to begin clamping down on foreign apps in less radical ways.

The Congressional Committee on Oversight and Reform has sent two letters to the CEOs of Apple and Google to request they probe...