As a reporter for a publication focused on software development two years ago, I wrote a couple stories about how first software was developed so it did what it was designed to do, then they’d worry ...

In last week's column, I talked to Bruce Schneier about complexity, one of the main reasons it will be hard for computer security to improve in the future. As software becomes more complex, in terms ...

For all the scary talk about cyberattacks from vendors and industry experts, relatively few attacks are actually devastating. But the Jaguar Land Rover (JLR) attack was. The JLR breach wasn’t some ...

“Fun” isn’t usually the first word that comes to mind when the topic of cybersecurity comes up. But the techniques of gamification—applying game design elements and principles in non-game settings to ...

DevSecOps, short for Development, Security, and Operations, is a methodology that integrates security practices into software Development Operations (DevOps). It emphasizes that security should be a ...

A new, free 22-page report from SAFECode discussses best practices across the secure development lifecycle in a pithy, pragmatic way. A new 22-page report, “Fundamental Practices for Secure Software ...

CodeSecure, a leading global provider of application security testing (AST) solutions, and FOSSA, the complete software supply chain platform, are partnering to provide native product integration that ...

Microsoft plans to integrate Anthropic’s Mythos AI model into its Security Development Lifecycle, a move that suggests advanced generative AI is beginning to play a direct role in how major software ...

While all of the recent Microsoft buzz centers on Windows 7, the company made a small but important announcement this week. At TechEd Europe in Germany, Microsoft announced that it has adapted its SDL ...

The third white paper in our series, “Building an AI Chip” delves into the critical aspects of ensuring robust security and efficient software development for AI chips. As AI applications become ...