Memory safety is the first step, not the last, towards secure software
The U.S. government and technology giants alike are urging developers to replace C and C++ with modern, memory-safe languages like Rust. Will it be enough?
As APIs proliferate, attackers follow
With APIs accounting for more than half of all internet traffic, attacks on mobile and web application endpoints continue to grow.
Home is where the hackers are: The dizzying task of securing remote work
Increases in phishing attacks, credential stuffing against corporate cloud services and unpatched vulnerabilities in consumer hardware have all skyrocketed since the COVID pandemic upended work routines. With more employees logging in from home, locking down workers’ security habits and local networks has never mattered so much.
Flawed choices: Developers continue to use vulnerable open-source dependencies
While the open-source ecosystem continues to make progress on securing the production of widely used components, developers need better tools and a security culture to benefit.
AI code assistants need security training
Multiple studies have found that generative neural networks that produce code also reproduce security vulnerabilities in their datasets.
OpenSSL vulnerabilities are closer to heartburn than Heartbleed
The “S” in HTTPS stands for “secure,” but a newly disclosed pair of software flaws in one of the most popular open-source cryptographic libraries shows that assurance can come with a caveat.
Hear (some) evil: How video conferencing software can undermine security
Vulnerabilities in nigh-ubiquitous apps like Zoom, Microsoft Teams and Slack, combined with the behavioral changes that accompanied many people’s unexpected move to remote work, have had an outsized impact on security.
Biometrics are key to a passwordless future. They also pose vexing cyber risks
Verifying users based on their fingerprints, irises or some other biological measurement could backfire for Big Tech if companies fail to heed cybersecurity threats.
‘Once-in-a-generation’ Log4j vulnerability could linger for a decade — cyber safety board
In its first-ever report for the Department of Homeland Security, a group of top government and industry cyber experts said the Log4j vulnerability triggered “one of the most intensive cybersecurity community responses in history” last December — and it’s far from over.
Deep-rooted firmware cyberthreats put defenders in a bind
Recent cyberthreats targeting firmware technology have underscored how tricky it is to weed out malware that can start wreaking havoc before infected computers even boot up.
Page