SEARCH
Archive
Facebook Releases Static Code Analysis Tool for Python
Facebook has open-sourced Python Static Analyzer, an internally-developed static code analyzer for finding and fixing flaws in Python code. Pysa analyzes how data flows through the application to identify security issues that result when data winds up in an area of the application is shouldn't be able to reach.
Most Applications Contain Vulnerable Open Source Libraries
Modern software development relies on open source libraries, even for those applications that are sold commercially and aren’t open source. A pair of reports from Veracode and Synopsys illustrate how these components are introducing vulnerabilities into these applications.
Give IT a Break from Software Updates
Microsoft said it will pause non-security Windows updates beginning in May as part of its plan to reduce the update pressure on IT and security teams, as they are busy keeping organizations operational during the COVID-19 pandemic. Other software companies are adjusting their release schedules, recognizing that IT and security teams are currently stretched thin.
Older Bugs in Software Add to Security Debt
In the rush to fix newer vulnerabilities, the older ones are left unaddressed. The resulting security debt increases the organization's risk of a breach, Veracode warned.
GitHub Beefs Up Code Scanning With Semmle
Keeping software secure isn't just the developer's job. GitHub is strengthening its ecosystem with tools for developers, researchers, and project maintainers to identify and fix software vulnerabilities.