Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

The developer role is steadily expanding, now encompassing operations and security functions in addition to writing and testing code.

Snyk has been a long-time active participant in and sponsor of the Open Source Security Foundation (OpenSSF). We’re there because we believe in supporting its mission of securing the open source ecosystem. A recent summit meeting convened by the OpenSSF with the White House brought together various US Government departments for a chat about open source security.

On October 3, 2023, Daniel Stenberg, the long-time curl maintainer and original author, published a note on both LinkedIn and X (formerly Twitter) regarding the shipping of curl version 8.4.0, which will contain a fix for "probably the worst security problem found in curl in a long time." This issue should be taken seriously as curl maintainers have been vocal about downplaying the risk associated with most vulnerabilities reported against curl in the past (a recent example is the article CVE-2020-1990

Designing and maintaining secure infrastructure configurations from code to cloud is a complex process involving multiple technical teams and security stakeholders. The first challenge is writing secure infrastructure configurations pre-deployment.

The use of artificial intelligence in every area of life — from writing papers to maintaining critical infrastructure to manufacturing goods — is a controversial topic. Some are excited about the possibilities that come with AI/ML tech, while others are fearful and reticent. These differing opinions raise a fundamental question: will AI turn our modern-day society into a utopia or a dystopia?

The widespread success and influence of Microsoft Visual Studio (VS) Code can be largely credited to its extensibility. While it's often categorized as a code editor, with the right knowledge and extensions, it can be so much more. For instance, it can also be used as a web browser, word processor, or file-management system. Microsoft also encourages developers to take advantage of VS Code's extensibility by making the VS Code API as accessible as possible.

This month, Apple Security Engineering and Architecture (SEA) and The Citizen Lab at The University of Toronto's Munk School opened a pair of Critical vulnerabilities relating to maliciously formed WebP images which could be used to exploit the Chrome browser, as well as the webmproject/libwebp library from Google. As of Sep 27th, 2023, the CVEs known to track this libwebp vulnerability actively include.

By now, we’re all painfully aware that AI has become a crucial and inevitable tool for developers to enhance their application development practices. Even if organizations restrict their developers using AI tools, we hear many stories of how they circumvent this through VPNs, and personal accounts.

In the modern software ecosystem, containerization has become a popular method for packaging and deploying applications. Alongside this growing trend, ensuring the security of software supply chains has become a critical concern for businesses of all sizes. Implementing best practices, such as signing and verifying images to mitigate man-in-the-middle (MITM) attacks and validating their authenticity and freshness, play a pivotal role in safeguarding the integrity of the software supply chain.