Security

Weaponizing generative AI

The security of genAI models is iffy and takes a back seat to other issues, but with developers increasingly using genAI for code, it needs to become a priority.

By Matt Asay

Dec 16, 20244 mins

Artificial IntelligenceGenerative AISecurity

Supply chain compromise of Ultralytics AI library results in trojanized versions

By Lucian Constantin

Dec 09, 20241 min

Development Libraries and FrameworksPythonSecurity

A GRC framework for securing generative AI

By Trevor Welsh

Nov 19, 202411 mins

Application SecurityData GovernanceGenerative AI

Java proposals would boost resistance to quantum computing attacks

By Paul Krill

Nov 08, 20242 mins

Application SecurityData and Information SecurityJava

‘Package confusion’ attack against NPM used to trick developers into downloading malware

By John E. Dunn

Nov 06, 20244 mins

Open SourceSecurityVulnerabilities

Articles

Understanding VBS Enclaves, Windows’ new security technology

Microsoft is protecting Recall’s vector indexes in trusted execution environments. It adds a bit of computational overhead, but is a must for data security.

By Simon Bisson

Oct 03, 2024 8 mins

ContainersData and Information SecurityWindows Security

Java 23 highlights crypto performance and security

Security-related enhancements include crypto performance updates, new debugging options, and additions to Kerberos and PKI.

By Paul Krill

Sep 24, 2024 3 mins

JavaProgramming LanguagesSecurity

Security takes a front seat

Threats that have always existed but are now amped up by generative AI are making enterprise leadership take notice and open the purse strings.

By Matt Asay

Aug 19, 2024 4 mins

Application SecurityCloud SecurityTechnology Industry

Red-teaming AI with PyRIT

Microsoft has open sourced a key piece of its AI security, offering a toolkit that links data sets to targets and scores results, in the cloud or with small language models.

By Simon Bisson

Aug 15, 2024 7 mins

Application SecurityGenerative AIMicrosoft Azure

Focusing open source on security, not ideology

In today’s world where everything gets hacked, conversations about security are what’s truly important, especially to attract younger developers to open source.

By Matt Asay

Jul 22, 2024 4 mins

Cloud SecurityOpen SourceSecurity Practices

How evolving AI regulations impact cybersecurity

Getting in front of AI risks includes understanding evolving regulations. Here’s what that means for cybersecurity leaders.

By Ram Movva and Aviral Verma

Jul 02, 2024 8 mins

Application SecurityData GovernanceGenerative AI

7 application security startups at RSAC 2024

VC-backed up-and-comers zero in on devsecops, the software supply chain, and securing the software development life cycle.

By Victor Garza

May 14, 2024 6 mins

Application SecurityDevopsSecurity

Understanding Microsoft’s Trusted Signing service

A new managed signing service on Azure offers low-cost, low-touch code signing with integration into GitHub Actions.

By Simon Bisson

May 02, 2024 8 mins

Application SecurityCloud ComputingMicrosoft Azure

Java services hit hardest by third-party vulnerabilities, report says

State of DevSecOps report finds 90% of Java services susceptible to vulnerabilities in third-party libraries.

By Paul Krill

Apr 18, 2024 2 mins

JavaJavaScriptPython

Rust gets security fix for Windows vulnerability

Rust 1.77.2 point release addresses a critical vulnerability affecting Windows deployments.

By Paul Krill

Apr 12, 2024 2 mins

RustSecuritySoftware Development

Rust memory safety explained

What makes the Rust language one of the best for writing fast, memory-safe applications? Rust's memory-safety features are baked into the language itself.

By Serdar Yegulalp

Apr 03, 2024 7 mins

C++Programming LanguagesRust