Microsoft said it will pause non-security Windows updates beginning in May as part of its plan to reduce the update pressure on IT and security teams, which are busy keeping organizations operational during the COVID-19 pandemic. Other software companies are adjusting their release schedules, recognizing that IT and security teams are currently stretched thin.
In the rush to fix newer vulnerabilities, the older ones are left unaddressed. The resulting security debt increases the organization's risk of a breach, Veracode warned.
At its GitHub Satellite conference last week in Berlin, GitHub rolled out several new features designed to help developers write secure code.
The original vulnerability may be in a jQuery plugin, but the disconnect between how web developers use .htaccess with the Apache web server and how the server is actually configured means there are potentially more applications out there that are vulnerable to attack.