The Food and Drug Administration (FDA) recently issued new requirements mandating that medical devices be secured against cyberattacks. This move comes after a long-standing concern about the potential for these devices to be hacked and used to harm patients. This new requirement is a significant step towards securing medical devices, which have been increasingly […]
READ MOREThe source code of Twitter was recently (maybe?) leaked on GitHub, a popular code repository platform. The code repository was quickly taken down, but not before it had been downloaded by hundreds of users. The leak has drawn attention from security experts regarding the implications for the social media platform and raised concerns over the […]
In a recent thread on a discussion forum, a group of developers discussed time lost on bug chasing. One developer lamented that he lost 5 days; another 5 years between the time it was discovered and the time it was finally resolved. Still another developer estimated that in an organization of 400 engineers, […]
Why does software security matter? From the rise of the internet to an entirely interconnected world The last 30 years have seen remarkable developments in computer technology and the emergence of the internet. It’s incredible to think about how much more connected and pervasive the internet has become since the turn of the century. Nowadays, […]
The Tech Trailblazer Awards has named ShiftLeft as one of the year’s best new companies. As the first independent global awards program dedicated to the enterprise technology startup ecosystem, the Tech Trailblazers Awards recognizes and rewards leading startups, innovations, and individuals from around the globe. Among the cohort of winners across 15 different categories and […]
The internet has been on fire since the launch of ChatGPT. This AI powered chatbot was released late November and people wasted no time in finding humorous, thought provoking, and potentially dangerous uses for it. At the core, any AI is only as good as the information and prompts you feed into it and this […]
In the age of digital transformation, every company has become a software company. And with software comes vulnerabilities and malicious attackers who will try to exploit them. These digital enterprises have been seeking a way to pre-empt, prevent, and defend themselves against these attacks–a way to shift security left. The concept and process of shifting […]
On March 21, the Biden administration directed US companies to “harden your cyber defenses immediately.” With these new federal guidelines for application security, the White House urged software developers to deploy “modern tools that can detect known and potential vulnerabilities” in their custom and open-source software (OSS). Learn more about how ShiftLeft can help.
The threat landscape is evolving quickly. Application security is working to keep pace with the ever-evolving threat landscape. As the application development process becomes more incremental, with developers embracing frameworks such as Agile and DevSecOps, it is becoming more important for developers to pay attention to application security trends, know what they can do better […]
Spring unauthenticated RCE via classLoader manipulation A critical zero-day vulnerability in the Spring framework was recently reported to Spring’s maintainer, VMWare. The vulnerability is an unauthenticated remote code execution vulnerability that affects Spring MVC and Spring WebFlux applications. You can find the CVE here. What is affected? The Spring4Shell RCE vulnerability allows attackers to execute code […]
There are plenty of good and popular caching libraries on the JVM, including ehcache, guava, and many others. However, in some situations it’s worth exploring other options. Maybe you need better performance. Or you want to allow the cache to grow and fill up the entire heap, yet shrink automatically when your application needs more […]
It is impossible to manage security posture without considering two key factors in any potential vulnerability or security flaw: reachability and risk. The two factors are related. Reachability defines the degree to which a given security vulnerability that is detected, such as a CVE, can actually be attacked and exploited to gain privileged access and […]
© 2023 Qwiet. All rights reserved.